CSRF – yet another security issue you should worry about NOW.

Read this.

CSRF (wikipedia), a cross-site request forgery, is one of the most recent and under-publicized attacks on the web. It boils down to a user browsing to a web site, downloading a web page, and unknowingly, submitting requests to other web servers, usually with malicious intent. The example linked above demonstrates a hack where a specially crafted URL is formed that actually changes the settings on a common DSL router used in Mexico (by relying on the fact the user name/password combination is well known and unlikely to have changed).

If you allow user input in a web application our on a web site (even as part of a forum or blog comments), you could be unwittingly providing hackers a friendly spot in which they can inject these well-formed, but malicious URLs to be hosted. Unfortunately, they’re very difficult to track down.

I moderate all comments on my web site so that no unwanted links become published.

But, if you write software — consider all avenues of data entry, etc. Trust NO INPUT. Don’t trust the data that is in your database. Assume that it has been compromised. Assume nothing.

WiredPrairie

Yet another tech blog.

Recommendations

You don’t need it, but you might want it any way: Ubiquiti Unifi

How to make your too soft Tempur-pedic Bed comfortable

Alternatives to Monopoly: Some table-top board games you should try

Geek gift ideas 2016

Changing password requirements in Linux Subsystem for Windows (or Bash on Ubuntu on Windows)

Ecobee’s ecobee3 Thermostat

Made in the USA Camera Bag Manufacturers

My Raspberry Pi 2 Model B setup

Kenu Airframe Portable Car Mount

Attaching a GoPro Hero with Aero Bars from RedShift

CSRF – yet another security issue you should worry about NOW.

Related