Could you point me in the direction of some more information on these attacks? P... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		weavejester on Jan 7, 2009 \| parent \| context \| favorite \| on: Detecting twitter users with JavaScript - handy or... Could you point me in the direction of some more information on these attacks? Presumably they're XSS attacks, but I can't imagine how services like Facebook and Gmail are vulnerable to them. Does Facebook integrate with common webmail services or something?

oddgodd on Jan 7, 2009 | [–]

I suspect the grandparent is referring to a "cross site request forgery" (XSRF) style attack.

ErrantX on Jan 8, 2009 | [–]

There isn't a lot of information. I believe there are some white papers in progress. But the other poster is right: it is based on XSRF attacks and screen scraping.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact