Cross USer Request Forgery (CUSRF: pronounced "See You Surf") is a new and emerging type of Cross-Site Request Forgery (CSRF) attack that affects users of collaboration platforms and applications, such as LinkedIn and Google Docs.
CUSRF exploits vulnerabilities in social networks to reveal a victim's true identity. Due to special technical characteristics of CUSRF attacks, most traditional counter-measures are irrelevant to the attack's mitigation. This presentation will:
- Give a brief intro of CSRF
- Examine the anatomy of a CUSRF attack, with examples
- Discuss mitigation techniques for both consumers and platform providers