Next Generation Clickjacking

14 Apr 2010

Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in 2008 to describe a technique whereby cross-domain attacks are performed by 'hijacking' user-initiated mouse clicks to perform actions 

In this paper, Paul Stone explores other ways a user can be tricked into interacting with a framed web page, that could allow an attacker to inject arbitrary text into forms and extract content from a web page. Paul shows a new technique that allows information leaded from an iframe to be used for login detection and many other purposes. 

CHECK IT Health Check Service
Cyber Essentials
CESG Certified Product
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326
PCI - Approved Scanning Vendor