IE8 'ClickJacking' security defenses

One of the most subtle and interesting web application security vulnerabilities is called Cross Site Request Forgery (CSRF), known as ClickJacking. As we designed Internet Explorer 8, now at RC1, we had to be very careful not to increase the browser's attack surface for CSRF attacks. IE8's new XDomainRequest object, for instance, allows cross-domain communication with the server's explicit permission, but contains specific restrictions to ensure that new types of CSRF attacks are not made possible. End-users can mitigate the impact of CSRF attacks by logging out of sensitive websites when not in use, and by browsing in independent InPrivate Browsing sessions. […]

About The Author

Deepak Gupta is an IT and web consultant. He is the founder and CEO of diTii.com and DIT Technologies, where he provides technology consultancy and the design and development of desktop, web and mobile applications using various tools and software.