Clickjacking Circumvented By Researchers at Top WebsitesBy Baselinemag | Posted 2010-05-28 Print
Clickjacking uses malicious iframes to take control of a web surfer's clicks and hijack their web session. The term clickjacking was first used in 2008 by WhiteHat Security CTO Jeremiah Grossman and Robert "RSnake" Hansen, CEO of SecTheory. In order to combat the attack, websites instituted techniques known as frame busting, which prevent a site from running when it is loaded inside a frame.New research has found a common defense used by websites to prevent clickjacking attacks can be broken.
According to researchers from Stanford University and Carnegie Mellon University, frame-busting isn't as effective at preventing clickjacking as hoped. An analysis of the Top 500 websites ranked by Alexa found all of the frame busting implementations could be circumvented. Some of the circumventions were browser-specific, while others worked across all browsers, the researchers found.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...