Last week, a pair of security researchers spread the news that a new class of vulnerabilities, called "clickjacking," puts users of every major browser at risk from possible attack.
Robert Hansen, founder and chief executive of SecTheory LLC, and Jeremiah Grossman, chief technology officer at WhiteHat Security Inc., spilled some beans last week after they gave a semi-closed presentation at OWASP AppSec 2008 in New York.
Maybe because of the catchy name, or perhaps because it's actually serious stuff, clickjacking got some press. But that still leaves open the question: Just how spooky is it? Are we talking run-for-the-hills scary, or is this just another theoretical attack vector? And what should you do to protect yourself?
We have questions, as usual, and fewer straight answers than we'd like.
What is clickjacking? Good question. Getting to an answer, though, is a little tough, since Hansen and Grossman are keeping virtually all details confidential, at least for now. Here's how Grossman put it to Computerworld last Friday: