Thursday, October 19, 2006

Netflix Fixes a Cross-Site Request Bug

Netflix has fixed a bug on its site that could allow an attack called cross-site request forgery (CSRF). This type of attack may allow an outsider to change your address, add movies to your queue, and otherwise manipulate your account. An attack like this works if you normally stay logged in to a site and you visit another, hostile website that includes code to take advantage of the weakness. Other Web 2.0 sites may also be at risk for this attack, according to the story on ZDNet at http://news.zdnet.com/2100-1009_22-6126438.html.
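The sketch below is an added illustration, not Netflix's code and not a description of their fix, which the story does not detail. It models why staying logged in matters: a handler that trusts the session cookie alone accepts a request triggered from another site, while one that also requires a per-session token rejects it. All names (`login`, `change_address_cookie_only`, `change_address_with_token`, `csrf_token`) and the sample account data are hypothetical.

```python
import hmac
import secrets

# Constructed in-memory state: sessions and one sample account record.
SESSIONS = {}  # session id -> {"user": ..., "csrf": ...}
ACCOUNTS = {"alice": {"address": "1 Home St"}}

def login(user):
    """Create a session; the id goes in a cookie, the token in the site's own forms."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid, SESSIONS[sid]["csrf"]

def change_address_cookie_only(cookies, form):
    """Weak handler: the session cookie alone authorizes the change."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401
    ACCOUNTS[session["user"]]["address"] = form["address"]
    return 200

def change_address_with_token(cookies, form):
    """Hardened handler: also requires the per-session token in the form body."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent, session["csrf"]):
        return 403  # the browser attached the cookie, but the form is not the site's own
    ACCOUNTS[session["user"]]["address"] = form["address"]
    return 200

def demo():
    sid, token = login("alice")
    cookies = {"sid": sid}  # the browser sends this with every request to the site
    # Request triggered from another site: cookie present, token unknown to that site.
    cross_site = {"address": "forged"}
    weak = change_address_cookie_only(cookies, cross_site)
    after_weak = ACCOUNTS["alice"]["address"]
    ACCOUNTS["alice"]["address"] = "1 Home St"  # reset before the second run
    strong = change_address_with_token(cookies, cross_site)
    after_strong = ACCOUNTS["alice"]["address"]
    # Request from the site's own form carries the token and is accepted.
    own = change_address_with_token(cookies, {"address": "2 New Rd", "csrf_token": token})
    return weak, after_weak, strong, after_strong, own, ACCOUNTS["alice"]["address"]

if __name__ == "__main__":
    print(demo())
```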