Cross-site request forgery flaw on several prominent Web sites allows an attacker to perform actions on behalf of a victim who is already logged into the site Two Princeton University academics have found a type of coding flaw on several prominent Web sites that could jeopardize personal data and in one alarming case, drain a bank account. The type of flaw, called cross-site request forgery (CSRF), allows an attacker to perform actions on a Web site on behalf of a victim who is already logged into the site. Have you hear about the news that two Princeton University academics have published security flaws in some high traffic sites? Why do you you think these sites are taking their time in fixing the problem?

The link for this article located at InfoWorld is no longer available.