Popular Banking and Video Websites Open To Cross-Site Hacking

A team of security researchers from Princeton University has listed cross-site request forgery (CSRF) threats on four prominent websites: YouTube, MetaFilter, ING Direct and the New York Times.

Although YouTube, MetaFilter and ING Direct have already taken action to fix the bug, the New York Times' website has yet to address the flaw, the researchers mentioned in a blog post.

According to the researchers, one of these vulnerabilities allows attackers to create a fake account on ING Direct's website on behalf of the user and transfer funds from the user's account to the attacker's account.

The CSRF vulnerability on the New York Times' website could be exploited to discover new email addresses for spamming activities, whereas on MetaFilter attackers could take over the user's page through the lost password feature.

Furthermore, the team stated that the YouTube website is more prone to scripting attacks on almost every action a user performs on the website.

The researchers claimed that they have created two tools to counter CSRF attacks: one is a server-oriented tool that can protect a vulnerable site from CSRF attacks, and the other is a client-oriented tool specifically designed to protect users.

Désiré Athow