Tuesday, September 30, 2008

Cross-site request forgery - What comes next?

A pair of Princeton University researchers announced Monday that they have discovered cross-site request forgery (CSRF) vulnerabilities on four popular websites — ING Direct, YouTube, MetaFilter and The New York Times.

Researchers found CSRF vulnerabilities on The New York Times website that made user email addresses available to an attacker. On ING Direct's website, attackers could open up bank accounts on behalf of a user and transfer funds into their own account.

Read the full article here: http://www.scmagazineus.com/Popular-websites-fall-victim-to-CSRF-exploits/article/118564/

1SSA - Security consulting, training and products: http://www.1ssa.net