February 2nd, 2009, 12:11 PM
Clickjacking: IE8 & Chrome
First Microsoft touts clickjacking protections in Internet Explorer 8, then a security researcher releases a proof of concept for a clickjacking attack targeting the Google Chrome Web browser. Clickjacking, some say, remains an issue that will require cooperation in the security community.
And IE8 might not be as bullet proof as MS would have you think?
If you use FF 3.0.5 and NoScript you can set NS to mitigate against this.
Grossman suggested browser vendors consider bundling in the NoScript Firefox plug-in by default.
"NoScript has powerful security features that can prevent clickjacking as well as many other Web-based attacks, which also allows users to tune their own level of desired security," he added. "For Internet Explorer, Opera, Google Chrome, etc., they should embed similar features and functionality in their products."
February 2nd, 2009, 01:33 PM
if you are using ie7/8 then just install the ie7 pro addon and it has stuff that can help block this clickjacking rubbish..
The ie8 version is still in development mode, but the ie7 addon will still work just some features will not be enabled.
February 2nd, 2009, 02:09 PM
That's a great link t34b4g5,
Why didn't you tell us about it before?
Seriously though, it shows just how "M$ institutionalised" I have become.
Back in the day, you always looked for add-ins to Win 3.x, 9.x, NT4, Office and IE. Since Win2000 and XP I haven't really bothered to look for anything other than alternatives rather than enhancements.
Linux is a different story of course. That is the very stuff of open source communities.
Thanks mate! you have taught an old dog a new trick
By t34b4g5 in forum Security News
Last Post: October 21st, 2008, 03:15 PM
By nihil in forum Web Security
Last Post: September 11th, 2008, 11:48 AM
By nihil in forum Security News
Last Post: September 8th, 2008, 02:24 AM
By fourdc in forum AntiOnline's General Chit Chat
Last Post: September 7th, 2008, 11:20 PM