Cross-site request forgery
July 14 2010, 3:19 AM
I have just learned about the Cross-site request forgery attack. Quoting Wikipedia:
For example, one user, Bob, might be browsing a chat forum where another user, Mallory, has posted a message. Suppose that Mallory has crafted an HTML image element that references a script on Bob’s bank’s website (rather than an image file):
<img src="http://bank.example/withdraw?account=bob&amount=1000000&for=mallory">
A variant of this attack was used by the “but most of all, Samy is my hero” MySpace worm.
It’s a different beast from the more traditional Cross-site scripting attack: the forged request rides on the victim’s existing session cookie, and no script needs to run on the bank’s page.
(via the Tornado documentation, which offers a protection against it)
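As an added illustration (not code from the original post or from the Tornado project), here is a simplified version of the token check the Tornado documentation describes: the server sets an unguessable `_xsrf` cookie and requires every state-changing POST to echo the same value in a form field, which a forged `<img>` request or a cross-site form cannot supply. The `Request` class, `issue_token` and `withdraw` are constructed stand-ins for a web framework and a bank endpoint.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Tornado names its cookie and form argument "_xsrf"; the checker below is an
# illustration of the idea, not Tornado's own implementation.
TOKEN_COOKIE = "_xsrf"


@dataclass
class Request:
    """Constructed stand-in for an HTTP request (cookies sent by the browser,
    plus query/body arguments merged into one dict, as many frameworks do)."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def issue_token() -> str:
    """Fresh unguessable token: set it as the _xsrf cookie and embed it in the
    site's own forms. Other origins cannot read it, so they cannot echo it."""
    return secrets.token_hex(16)


def check_xsrf(request: Request) -> bool:
    """Accept a state-changing request only if the form token matches the cookie.
    A forged request carries the victim's cookies automatically but not the
    form field, so the two values will not agree."""
    cookie_token = request.cookies.get(TOKEN_COOKIE)
    form_token = request.form.get(TOKEN_COOKIE)
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(cookie_token, form_token)  # constant-time compare


def withdraw(request: Request, balances: dict) -> str:
    """Bank endpoint from the example: money moves only on a POST that passes
    the token check, so the GET issued by an <img> tag never reaches the transfer."""
    if request.method != "POST":
        return "405 method not allowed"
    if not check_xsrf(request):
        return "403 xsrf cookie does not match form argument"
    account = request.form["account"]
    amount = int(request.form["amount"])
    balances[account] -= amount
    return "200 ok"
```

The check assumes an attacker cannot set cookies for the bank's domain; Tornado's real implementation additionally versions and timestamps its tokens.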