Tuesday, October 7, 2008

Clickjacking - should you be worried?

Nearly all browsers are vulnerable to this new attack class, but details are scarce

A Q&A on clickjacking that is worth reading:

Excellent explanation by Schneier:
In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click is the car.
"Clickjacking" is a stunningly sexy name, but the vulnerability is really just a variant of cross-site scripting. We don't know how bad it really is, because the details are still being withheld. But the name alone is causing dread.

Refer here for full details on clickjacking.

