New browser-agnostic clickjacking exploit

Jeremiah Grossman and Robert "Rsnake" Hansen initially planned to reveal details on a new browser-agnostic clickjacking exploit at the Open Web Application Security Project (OWASP) in New York City. The term "clickjacking" refers to a process by which a user is forced to click on a link without his or her knowledge—the link itself may […]

Share online:

Jeremiah Grossman and Robert "Rsnake" Hansen initially planned to reveal details on a new browser-agnostic clickjacking exploit at the Open Web Application Security Project (OWASP) in New York City.

The term "clickjacking" refers to a process by which a user is forced to click on a link without his or her knowledge—the link itself may be nearly invisible or visible for only a fraction of a second. Clickjacking isn't a new attack vector, but according to Grossman and Hansen, it's one that is "severely underappreciated and largely undefended." What makes the attack noteworthy, in this case, is that it appears to be completely browser-agnostic, and affects both Firefox 2 and 3, all versions of IE (including 8), and presumably all versions of Opera, Konquerer, Safari, and whatever other extremely marginalized and/or FailCat type of browser one might use to surf the web. The only browsers currently immune to whatever it is the two men discovered are text-based products, such as Lynx.

Full Article

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.