On September 29, 2008 we published details of four CSRF vulnerabilities we found on four major websites. We also released a paper describing the vulnerabilities and client and server side mitigation techniques. More details can be found in our Freedom-to-Tinker blog post.
Versions of the paper
October 15, 2008 (current version)
September 29, 2008 (initial release)