On September 29, 2008 we published details of four CSRF vulnerabilities we found on four major websites. We also released a paper describing the vulnerabilities and client and server side mitigation techniques. More details can be found in our Freedom-to-Tinker blog post.

Versions of the paper

October 15, 2008 (current version)

September 29, 2008 (initial release)