Tuesday, September 30, 2008

Clickjacking

Finally I found a good description of Clickjacking, and find it hilarious that I used to play this game on people in high school, making it impossible for them to push the button. This is just a reversal of that concept plus invisibility.

Snipped from:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&intsrc=hm_ts_head

What is clickjacking? Good question. Getting to an answer, though, is a little tough, since Hansen and Grossman are keeping virtually all details confidential, at least for now. Here's how Grossman put it to Computerworld last Friday:

"Think of any button on any Web site that you can get to appear between the browser walls. Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue.... The list is virtually endless, and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users' mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to."
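A defender-side check for the scenario Grossman describes, as an added example that is not part of the original post or the quoted article. It assumes the invisible button is delivered by loading the target page in a frame, which the article does not spell out, and audits a response for the standard `X-Frame-Options` and CSP `frame-ancestors` headers. The function name and the sample header sets are constructed for illustration.

```javascript
// Added example: decide whether a response tells browsers to refuse framing.
// Assumption: the overlay relies on framing the target page.
function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = Array.isArray(value) ? value.join(", ") : String(value);
  }
  const findings = [];
  let weakCsp = false;

  // 1. CSP frame-ancestors: walk each comma-separated policy and ';' directive.
  for (const policy of (h["content-security-policy"] || "").split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      if (name !== "frame-ancestors") continue;
      // A wildcard or bare scheme lets any site on that scheme frame the page.
      const open = sources.filter(s => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s));
      if (open.length === 0) return { protected: true, via: "csp", findings };
      weakCsp = true;
      findings.push(`frame-ancestors allows broad sources: ${open.join(" ")}`);
    }
  }
  // Browsers that support frame-ancestors ignore X-Frame-Options when it is set.
  if (weakCsp) return { protected: false, via: null, findings };

  // 2. X-Frame-Options: only DENY and SAMEORIGIN are honoured by current browsers.
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") {
    return { protected: true, via: "x-frame-options", findings };
  }
  if (xfo.startsWith("ALLOW-FROM")) {
    findings.push("X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers");
  } else if (xfo) {
    findings.push(`unrecognised X-Frame-Options value: ${xfo}`);
  }
  if (findings.length === 0) findings.push("no anti-framing header present");
  return { protected: false, via: null, findings };
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = {
  bare: {},
  legacy: { "X-Frame-Options": "SAMEORIGIN" },
  strictCsp: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  wildcard: { "Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY" },
  allowFrom: { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
};
for (const [label, hdrs] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(framingPolicy(hdrs)));
}
```

The `wildcard` sample is the case worth noticing: a permissive `frame-ancestors` overrides an otherwise strict `X-Frame-Options: DENY` in browsers that support both.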
