Author Topic: Clickjacking  (Read 2284 times)

Offline iago
Clickjacking
« on: September 26, 2008, 11:31:27 am »
Rsnake "discovered" a new type of attack called clickjacking. He was originally going to present it at today's OWASP conference, but voluntarily kept the lid on it because of the widespread implications.

There has been a lot of discussion about what this might be, but Michal Zalewski (a Google researcher) posted a pretty detailed description of a problem that sounds like something that would be called Clickjacking (he called it a "UI Redress" attack). Zalewski wrote Silence on the Wire, which is still my favourite security book.

So yeah, if you read the first part of Zalewski's post, it's pretty interesting!