[Owasp-ireland] A real bank with a CSRF flaw!

davidrook david.rook at realexpayments.com
Tue Sep 30 03:59:38 EDT 2008


Hi all,

Interesting news story here:
http://www.theregister.co.uk/2008/09/30/web_bug_bites_sites/ that
details how researchers from Princeton University found CSRF flaws in 4
websites including ING's bank website. The whitepaper that is linked in
the article is a good read and explains CSRF flaws and preventions very
well.

Finally the example many people use (transferring funds from an online
bank using CSRF) to highlight the dangers of CSRF has become a reality.

Thanks,

Dave

-- 
David Rook | david.rook at realexpayments.com
Security Analyst

Realex Payments
Enabling thousands of businesses to sell online.

Realex Payments, Dublin, www.realexpayments.com
Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
Tel: +353 (0)1 2808 559 Fax: +353 (0)1 2808 538

Realex Payments, London, www.realexpayments.co.uk
1 Hammersmith Grove, London W6 0NB, England
Tel: +44 (0)203 178 5370 Fax: +44 (0)207 691 7264
