author: Javier Vidal <javier@javiervidal.net> 2014-11-22 16:46:43 +0100
committer: Javier Vidal <javier@javiervidal.net> 2014-11-22 16:48:58 +0100
commit: ee5dfe27277dab94e3b22507389057aaeb8c7160
tree: 4c096c48da4eb75db98b8c4cb1e52abea333bfbb
parent: 555f95bd0621b8d2e666f6989927eee7d4b7f42d
Fixing wrong link in 'Ruby on Rails Security Guide' [ci skip]
The URL http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352 points to an article titled 'The H is closing down'. The good one is: http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html
-rw-r--r-- guides/source/security.md 2
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md
index 125dd82666..b1c5b22338 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -362,7 +362,7 @@ Refer to the Injection section for countermeasures against XSS. It is _recommend
**CSRF** Cross-Site Request Forgery (CSRF), also known as Cross-Site Reference Forgery (XSRF), is a gigantic attack method, it allows the attacker to do everything the administrator or Intranet user may do. As you have already seen above how CSRF works, here are a few examples of what attackers can do in the Intranet or admin interface.
-A real-world example is a [router reconfiguration by CSRF](http://www.h-online.com/security/Symantec-reports-first-active-attack-on-a-DSL-router--/news/102352). The attackers sent a malicious e-mail, with CSRF in it, to Mexican users. The e-mail claimed there was an e-card waiting for them, but it also contained an image tag that resulted in a HTTP-GET request to reconfigure the user's router (which is a popular model in Mexico). The request changed the DNS-settings so that requests to a Mexico-based banking site would be mapped to the attacker's site. Everyone who accessed the banking site through that router saw the attacker's fake web site and had their credentials stolen.
+A real-world example is a [router reconfiguration by CSRF](http://www.h-online.com/security/news/item/Symantec-reports-first-active-attack-on-a-DSL-router-735883.html). The attackers sent a malicious e-mail, with CSRF in it, to Mexican users. The e-mail claimed there was an e-card waiting for them, but it also contained an image tag that resulted in a HTTP-GET request to reconfigure the user's router (which is a popular model in Mexico). The request changed the DNS-settings so that requests to a Mexico-based banking site would be mapped to the attacker's site. Everyone who accessed the banking site through that router saw the attacker's fake web site and had their credentials stolen.
Another example changed Google Adsense's e-mail address and password by. If the victim was logged into Google Adsense, the administration interface for Google advertisements campaigns, an attacker could change their credentials.
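Review bot: the replacement URL on the `+` line still points at h-online.com over plain http, and the commit message itself notes that the old URL on that site now lands on 'The H is closing down', so this link is likely to rot the same way. Consider linking an archived copy of the article, or another durable source for the same incident, so the guide's real-world CSRF reference stays verifiable. Separately, the unchanged context line after it ends mid-sentence at "e-mail address and password by."; since this commit is already touching the paragraph, it would be worth completing or trimming that sentence in the same change.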