If you have been paying attention to Plone checkins, you might have noticed some checkins mentioning CSRF (Cross-Site Request Forgery) flying by. Today Secunia released an advisory about the issue.
As can be seen from the referenced paper, web technologies make some things just way too simple to hack around.
On a unrelated note, call me luddite, but I really think moving our life to the cloud presents way more unforeseen threats than our little brains can imagine.
Posted in plone, security, web2.0 | Tags: cloud plone security csrf
well, the attack was known but a lot of time, and wasn’t fixed. This is a shame, I think.
By: yurj on March 19, 2008
at 5:20 am
actually, the paper was already released last thursday — see http://www.securityfocus.com/archive/1/489544
and work on a hotfix is in progress…
cheers,
andi
By: witsch on March 19, 2008
at 6:05 am
|
 | Wayne Glover on Google SoC: Status Report… |
 | Sidnei da Silva on Google SoC: Status Report… |
| Wayne Glover on Google SoC: Status Report… |
| Sidnei da Silva on Google SoC: Status Report… |
| Wayne Glover on Google SoC: Status Report… |
