UI redress attacks (aka Clickjacking)
9 October 2008
Recently there has been quite a bit of noise about attacks involving a technique dubbed Clickjacking. The tale starts back in September when a talk planned for the OWASP conference was pulled at the last minute, due to concerns about disclosing details of the attack [1, 2].
The combination of the cancelled talk and scant attack details was sufficient to pique the interest of many, and speculation over the last few weeks about how the attack worked has been rife [3, 4, 5]. Earlier this week, the cat escaped its bag - a proof of concept demonstration of the attack was released. Since then, the original researchers have published full details [7, 8].
So, exactly what is clickjacking? And what can you do to prevent being hit by it?