Cross-site request forgery (XSRF)
User follows a link (from email, IRC, ...) that quietly causes some action on a different site
For GETs that change the state, the page could have an <img src=deviceURL?DNS1=ip>
- Cookies get helpfully sent along by browser
An iframe or other scheme to create a FORM and submit it to deviceURL/form, cookies too
deviceURL can be guessed (192.168.1.1?) for many devices
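
A device-side check against both vectors on this slide, as an added example (not from the original slides): state changes are refused on GET, the Origin/Referer must be the device itself, and the form must carry a token bound to the session cookie. The names check_state_change, csrf_token, SECRET and the csrf_token form field are assumptions; header names are assumed to be normalized by the web server.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SECRET = secrets.token_bytes(32)        # assumed: random per-boot device secret
DEVICE_ORIGIN = "http://192.168.1.1"    # the guessable address from the slide


def csrf_token(session_id: str) -> str:
    """Token bound to the session cookie; the device embeds it in its own forms."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """True only if Origin (or, failing that, Referer) is the device itself."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False                    # no provenance at all: refuse
    u = urlsplit(src)
    return f"{u.scheme}://{u.netloc}" == DEVICE_ORIGIN


def check_state_change(method: str, headers: dict, session_id: str, form: dict):
    """Return (allowed, reason) for a request that would change device settings."""
    if method != "POST":
        # An <img src=...> can only issue a GET, so GET must never change state.
        return False, "state change via GET refused"
    if not session_id:
        return False, "no session"
    if not same_origin(headers):
        # A form auto-submitted from another site carries that site's Origin.
        return False, "cross-origin request"
    supplied = form.get("csrf_token", "").encode()
    expected = csrf_token(session_id).encode()
    # The cookie is sent automatically by the browser; the token is not.
    if not hmac.compare_digest(supplied, expected):
        return False, "bad or missing CSRF token"
    return True, "ok"
```

The cookie alone proves nothing about who built the request, which is why the token (known only to pages the device served) is the deciding check.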