Monday, February 18, 2008

CSRF Exploits Could Tarnish Forensics

Dennis Fisher writes on SearchSecurity.com:

Web application vulnerabilities have gotten more than their fair share of attention in the last few years, especially the widespread problem of cross-site scripting. But another flaw that many security experts consider a disaster waiting to happen is proving to be a serious problem for law enforcement agents and forensics investigators.

Known as cross-site request forgery (CSRF), the vulnerability often is used by attackers to force a victim into unknowingly submitting requests to third-party Web sites. In this way, an attacker could force a user to retrieve images, submit or retrieve data or perform any number of other functions on a site, which can seriously muddy the waters when an investigator is trying to trace a user's online actions. Experts say this is becoming an increasingly common problem in cases in which someone is accused of downloading illicit material or taking other illegal actions online.

"I see this in a lot of cases where the defendant definitely could say that it was CSRF," said Chuck Willis, a principal consultant at Mandiant in Alexandria, Va., and a former special agent in U.S. Army Counterintelligence. "It's a problem for forensics people who aren't as familiar with it and might not understand whether it's possible that CSRF could be blamed for what the defendant is accused of."
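The forensic ambiguity described above comes down to whether a request in a server log was initiated by the user on the site itself or forced by a page elsewhere. The following is an added example, not code from the article or from Mandiant, that tags each request in constructed Apache combined-format log lines by its Referer host; the site host, log lines and the three labels are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines (Apache "combined" format); not from any real case.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Feb/2008:10:01:02 +0000] "GET /gallery/photo.jpg HTTP/1.1" 200 5120 "http://example.com/gallery/" "Mozilla/5.0"
10.0.0.5 - - [18/Feb/2008:10:01:03 +0000] "GET /gallery/photo.jpg HTTP/1.1" 200 5120 "http://forum.example.org/thread/42" "Mozilla/5.0"
10.0.0.5 - - [18/Feb/2008:10:01:04 +0000] "POST /account/transfer HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def classify_initiator(referer: str, site_host: str) -> str:
    """Label where the browser was when it issued the request.

    'same-site'  : referring page is on the investigated site itself
    'cross-site' : another site's page caused the fetch (link, image tag,
                   auto-submitted form ...); consistent with CSRF but not proof
    'no-referer' : nothing recorded (typed URL, bookmark, or stripped header)
    """
    if referer in ("", "-"):
        return "no-referer"
    ref_host = urlsplit(referer).hostname or ""
    return "same-site" if ref_host.lower() == site_host.lower() else "cross-site"

def analyze_log(log_text: str, site_host: str) -> list:
    """Parse combined-format lines and tag each request with its initiator class."""
    results = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess
        results.append({
            "ts": m["ts"], "method": m["method"], "path": m["path"],
            "status": int(m["status"]), "referer": m["referer"],
            "initiator": classify_initiator(m["referer"], site_host),
        })
    return results

if __name__ == "__main__":
    for r in analyze_log(SAMPLE_LOG, "example.com"):
        print(f'{r["ts"]} {r["method"]} {r["path"]} -> {r["initiator"]} ({r["referer"]})')
```

A "cross-site" or "no-referer" tag only shows that the log alone cannot establish user intent; corroborating it needs browser history, cache contents and the referring page itself.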

More here.
