CSRF, Anti-DNS Pinning and NTLM

Mark Goodwin has written a neat discussion of the extra problems that CSRF causes when used alongside DNS pinning attacks and against intranets that use NTLM authentication (AKA Integrated Windows Auth)

The short version is that you might be able to use CSRF and anti-DNS pinning attacks to steal resources from an intranet, including those that need auth NTML authentication.

Getahead predates DWR by quite a while, and Mark has worked with me on a few projects. For the past few years he's been a serious security head, and he's just started blogging.

I'm not going to link to all his posts, so if you are interested in security; subscribe, and I'll get on with the Ajax and Java stuff.


Comments have been turned off on old posts