Even More Advanced Clickjacking

Clickjacking is one of those types of attacks that are incredibly simple to perform, yet very powerful in today’s web-driven world. In this post I would like to draw your attention to one more technique that can be used to perform successful clickjacking.

Basically, the browser is slowly becoming quite a powerful graphical environment. This is due to two relatively new features: the canvas and support for SVG (Simply Vector Graphic). Interestingly enough, SVG is not so simple. [...]


More Advanced Clickjacking – UI Redress Attacks

This will be a quick post just to share some PoCs and more information regarding the recent Clickjacking technique, i.e. UI Redress Attack, a name suggested by Michal Zalewski.

Clickjacking is an oldie, but a goodie. You can trace the origin of the attack back to the beginning of this decade. Clickjacking is essentially the anti-CSRF killer. It is also the killer of Flash, AJAX (because AJAX apps are sometimes easier to clickjack, look at Google) and some other technologies. [...]
