Good post from Jeff Atwood about cross-site request forgery (CSRF) attacks. One thing that comes to mind is that this is an example of the best kind of security exploit - one where the exploit depends on the target system doing the right thing. A Web server is meant to respond to URL requests, and determine its response according to the browser credentials and any arguments passed in with the URL.
A CSRF attack essentially consists of arranging things so that users cause this to happen without being aware of it; for example, placing an object on some other Web site that carries a link to the target URL, or a button that causes an HTTP POST to a target URL as well as whatever it's meant to do. As a refinement, you could so arrange things that the request was passed through something you control, so you can snarf the credentials and perhaps also the reply.
Rough; but it's precisely the fact that you can do this sort of thing that lets you do all sorts of Web-application magic. What happens when you call a third-party API (or even just an image hosted somewhere else) from within the browser? That's right, the user loads your Web page and incidentally loads the third-party service's URL with their browser credentials.This is how the del.icio.us feed in my sidebar (on TYR 2.0) gets there. Oh noes, no YouTube or embedded GMaps, or a whole lot of other useful stuff.
Oh well, enough of that. Does anyone know of a Firefox extension or similar that lets me submit comments I leave on other people's blogs to a service like del.icio.us? I specifically don't want a blogging tool, I just want to keep the comment URL, the URL of the related post if separate (i.e. haloscan style), and the text of the comment, and perhaps some tags.