diTii.com Digital News Hub


Jan 28, 2009

IE8 ‘ClickJacking’ security defenses

One of the most subtle and interesting web application security vulnerabilities is called Cross Site Request Forgery (CSRF), known as ClickJacking. As we designed Internet Explorer 8, now at RC1, we had to be very careful not to increase the browser’s attack surface for CSRF attacks. IE8’s new XDomainRequest object, for instance, allows cross-domain communication upon explicit permission of the server, but contains specific restrictions to ensure that new types of CSRF attacks are not made possible. End-users can mitigate the impact of CSRF attacks by logging out of sensitive websites when not in use, and by browsing in independent InPrivate Browsing sessions.[…]
