

Ed Felten & Team Disclose 4 New CSRF Vulnerabilities, Can Transfer Funds From ING - tptacek
http://www.freedom-to-tinker.com/blog/wzeller/popular-websites-vulnerable-cross-site-request-forgery-attacks

======
tptacek
CSRF is "Cross-Site Request Forgery"; it's a simple problem: for many HTML
forms, you can craft an IMG tag that will "submit" (via GET) to it. For
others, XMLHttpRequest JavaScript code can do the same thing for POST. In both
cases, the exploit is the same: a "drive-by" form submission from malicious
HTML rendered off any web page.
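
A server-side check against the drive-by submission described in the comment above, as an added example that is not part of the original thread or the linked post. It refuses state changes over GET and requires a per-session token on POST; the names `issue_token`, `check_request`, the `csrf_token` form field and the session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real deployment loads this from configuration.
SERVER_KEY = secrets.token_bytes(32)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token(session_id: str) -> str:
    """Derive the token embedded in every form rendered for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_request(method: str, session_id: str, form: dict, state_changing: bool) -> tuple:
    """Return (allowed, reason) for one request reaching a handler."""
    method = method.upper()
    if method in SAFE_METHODS:
        # An IMG tag can only issue GET, so GET must never change state.
        if state_changing:
            return (False, "state change over safe method")
        return (True, "read-only")
    supplied = form.get("csrf_token", "")
    expected = issue_token(session_id)
    # The browser attaches the session cookie automatically; the token is a
    # value that a page on another origin cannot read or guess.
    if not isinstance(supplied, str) or not hmac.compare_digest(
        supplied.encode(), expected.encode()
    ):
        return (False, "missing or invalid CSRF token")
    return (True, "token verified")


def demo():
    """Run four constructed requests against a fund-transfer style handler."""
    sid = "constructed-session-id-1"
    other = issue_token("constructed-session-id-2")  # token from another session
    return [
        check_request("GET", sid, {}, True),                   # drive-by GET
        check_request("POST", sid, {"amount": "100"}, True),   # forged POST, no token
        check_request("POST", sid, {"amount": "100", "csrf_token": other}, True),
        check_request("POST", sid, {"amount": "100", "csrf_token": issue_token(sid)}, True),
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```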

