NEWS: cPanel, Netgear and Linksys susceptible to nasty attack

If you use cPanel to administer your website or certain Linksys or Netgear devices to route traffic over your wireless network, you're susceptible to web-based attacks that could take complete control of your systems, two security researchers said Saturday.

All three wares contain CSRF, or cross-site request forgery, holes that can be exploited when the user does nothing more than surf to the wrong site. Web-application security experts Russ McRee of HolisticInfoSec.org and Mike Bailey of Skeptikal.org said they've alerted officials at all three companies to the weaknesses and so far all have failed to fix them.

"CSRF is bad stuff," Bailey told a standing-room audience at the Defcon hacker conference in Las Vegas. "It's a very under-appreciated vulnerability, and it's all over the place. Because it usually gets rated as a pretty minimal issue it almost never gets fixed, and that means that we have these kinds of holes all over."

MORE:

Reply to
John Navas