Bill Zeller and Ed Felten have published a report on Cross-Site Request Forgery attacks on popular Web sites:We found four major vulnerabilities on four different sites. These vulnerabilities include what we believe is the first CSRF vulnerability that allows the transfer of funds from a financial institution. We contacted all the sites involved and gave […]

More: continued here