
Revising Netflix's CSRF

Dave Ferguson writes

"Back in 2006, I put out some findings about CSRF on Netflix's web site. I thought people might be interested to know that I revisited the issue recently and was shocked to find Netflix still hasn't fixed all their CSRF issues, at least when it comes to movie queues. You can read more about it here:

http://appsecnotes.blogspot.com/2009/01/netflix-csrf-revisited.html"

Comments


Certainly it's easy to fix, I bet NFlix left it in for a business reason - some service probably depends on it.
