Search
The Confused Deputy and the Domain Hijacker - Via IEEE Security and Privacy:
The author discusses a common Gmail vulnerability, cross-site request forgery. During the time a user is authenticated to an online application, such as Web mail, the user's browser can be coerced into making authenticated requests to the application on a third party's behalf. Using that, it's quite simple to hijack domains that don't belong to you.
(Read Original Article - Via IEEE Security and Privacy.)
Delicious
Digg
Reddit
Google
Yahoo
Technorati