Web bug causing trouble

Researchers at Princeton University are trying to figure out how to kill a nasty bug that’s making its way around the internet. So far they’ve found four cross-site request forgery (CSRF) vulnerabilities in some of the world’s most popular sites. One of these sites belonged to a financial institution. According to The Register, some vulnerabilities were found in Firefox and Explorer sites.

“The most serious vulnerability by far was in the website of global financial services company ING Direct. The flaw could have allowed an attacker to transfer funds out of a user’s account, or to create additional accounts on behalf of a victim, according to this post from Freedom to Tinker blogger Bill Zeller.”


One Response to “Web bug causing trouble”:

The key to generating better security on the web is for companies to be proactive, not reactive, about it. That ING and the NYTimes fixed the bugs quickly is good. Preventing the attacks would have been better.

A good related post to this: If security isn’t built in, it’s not there
http://www.pcis.com/web/vvblog.nsf/dx/if-security-isnt-built-in-its-not-there

Other resources:
web application security solution
http://www.boonbox.net/devfense.htm

White paper: Implications of outsourcing web application security
http://www.boonbox.net/pdf/WP_OutsourcingWAS_2008August.pdf

Posted by Jerry on October 6, 2008 5:08 pm
