Sunday, September 28, 2008

Clickjacking Attacks

A whole bunch of popular web browsers, including Internet Explorer, Safari, Firefox, Opera, and Google Chrome, are susceptible to a new class of attacks. Such great news.

The dirty little details of the multiple flaws (there may be as many as six different ones, depending on who you ask) aren't readily available, because the researchers who outlined their findings at a security conference last week are trying to keep a lid on it while vendors work on a fix.

What is known is that clickjacking is similar to cross-site request forgery, but it's just different enough that current CSRF security controls built into browsers, sites, and web apps are essentially worthless.
