The Register’s Dan Goodin has news about a belated but significant move by Google to protect its GMail and other services from CSRF (cross site request forgery) attacks.
In recent days, Google’s login pages began setting a cookie with a unique token on each user’s browser. That same value is also embedded into the login form. If the two don’t match, the user will be unable to log in. Read the full article [theregister.co.uk]