Clan x86

Topic started by: iago on September 26, 2008, 11:31:27 am

Title: Clickjacking
Post by: iago on September 26, 2008, 11:31:27 am
RSnake "discovered" a new type of attack called clickjacking (http://ha.ckers.org/blog/20080915/clickjacking/). He was originally going to present it at today's OWASP conference, but voluntarily kept the lid on it because of the widespread implications.

There has been a lot of discussion about what this might be, but Michal Zalewski (a Google researcher) posted a pretty detailed description (http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-September/016284.html) of a problem that sounds like something that would be called Clickjacking (he called it a "UI Redress" attack). Zalewski wrote Silence on the Wire (http://lcamtuf.coredump.cx/silence.shtml), which is still my favourite security book.

So yeah, if you read the first part of Zalewski's post, it's pretty interesting!