Very slick. NoScript and Adblock were of no help there.
Researcher Lance James has been busy devising ways to play tricks on some of the world's bigger websites using an exotic attack known as CSRF, or cross site request forgery. While his exploits amount to little more than pranks, they point to the very sobering realization that the net isn't a very secure place. One proof-of- …
Those demonstrations have to submit the cross-site requests as HTTP GET, because they're images and redirects (which happen automatically). But the requests being made are state-changing, so they should be POSTs (requiring user interaction). How would a check in the website's server-side form processing for GET vs POST (or for the HTTP referrer, for that matter) inconvenience the user?
"While his exploits amount to little more than pranks, they point to the very sobering realization that the net isn't a very secure place."
Welcome to 1995, the year when everyone else already figured this out.
By sobering realization I can only assume you mean you've been too drunk to notice the net is inherently insecure for the last 14 years.
Biting the hand that feeds IT © 1998–2021