Clickjacking is nothing new but so far nobody really came up with a way to use it for bad things. I guess this has changed and some guys tried to present about their discovery at the OWASP (Open Web Aplication Security Project) conference in New York this month but I guess too much explosive material in it and the presentation was canceled. So what is clickjacking? It makes a user click on a link/button/etc. that is only visible for a short time or hardly visible.
I personally was thinking about this for years, ebing annoyed by Widnows behavior of switching the focus of windows, right int he middle when I was typing a password...I think most of us had that happen to us, at least sot of us power users ;-) This might not qualify as a clickjacking attack but for sure it is anoying and has resulted in at least oen of my passwords goign out via IM message to a friend.
Read more about clickjacking (or why nobody should know about the security problems associated with it) here:
http://ztrek.blogspot.com/2008/09/possible-clickjacking-security-flaws-in.html
http://ha.ckers.org/blog/20080915/clickjacking/
http://jeremiahgrossman.blogspot.com/2008/09/cancelled-clickjacking-owasp-appsec.html
1SSA - Security consulting, training and products: http://www.1ssa.net
skip to main |
skip to sidebar
Solutions that protect your assets and people in a changing world
The latest news around Information Security from various sources.
Solutions that protect your assets and people in a changing world
Who is reading
Search This Blog
Security News Digest
Posts
Subscribe Email
Digg & Twitter
 |
Blog Archive
-
▼
2008
(53)
-
▼
September
(34)
- Cros site request forgery - What comes next?
- Adobe Exploit toolkit in the wild
- Brits happy to hand over password details for £5 g...
- Cloned US ATM cards used in the UK at self checkouts
- Passport snooping public servant faces year in prison
- World's electrical grids open to attack
- US and China top cyber attacker list
- Certification still pays for CISSPs, CISMs
- Two-Third of US companies victim of cybe-crime in ...
- Kaspersky with new patents...faster and better in ...
- DNSSEC for .gov
- After Trend now Kaspersky...killing Windows Vista
- Clickjacking...what comes next?
- NSA snooping on cell phone calls
- Phishing is out and Trojans are back in according ...
- Business Week website hacked - Another victim of S...
- Hackers infiltrate Large Hadron Collider systems
- Cloud computing may draw government action - Netwo...
- iPhone records all user actions according to a Iph...
- Stolen laptops at airport number too high?
- PwC in Germany looses unknown number of user data ...
- 4 critical patches coming from Microsoft in the Se...
- Trend Micro identifying Microsoft operating system...
- The Number of Machines Controlled by Botnets Has J...
- Study: 88% of IT Pros Would Steal Passwords or Dat...
- Security spending continues despite shaky economy,...
- Procter & Gamble outsources security to IBM, but k...
- Hackers attacking Iraq's vulnerable computers
- Online Gamers target of Virus authors
- Data breaches in 2008 outpaces 2007's
- Vmware - security problems
- USB stick/Thumbdrive - AES encryption cracked
- BBC - Man's 'pants' password is changed
- Welcome to 1SSA's security blog!
-
▼
September
(34)
Disclaimer
Links to third party Web sites on this Site are provided solely as a convenience to you. If you use these links, you will leave this Site. 1SSA has not reviewed all of these third party sites and does not control and is not responsible for any of these sites or their content. Thus, 1SSA does not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites linked to this Site, you do this entirely at your own risk.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.