Way, way back in late October of 2010, more than a month before FA would learn what happens when they ignore security concerns, Eevee
published a list of exploits he had discovered on the site. All in all, there were about thirty exploits listed. Over time, a few of them would be fixed, usually when they
became a problem.
Yesterday was March 20th, 2014. 1,236 days since Eevee's list was posted. In that amount of time entire new art sites have been coded and brought online. FA, on the other hand,
still has yet to fix at least one of the exploits, probably one of the most glaring and easy to fix ones on the list: Using CSRF, you can still force a user to logout by hiding "
http://www.furaffinity.net/logout/" in image tags, as it contains no security token.
Somehow, the thread about it on the FA Forums still exists, with the exploit present in the OP, perhaps as proof they have reached a whole new level of not caring.
