Comments on: Click Jacking – The new threat on the web? http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/ Confessions of a code Junkie and anything else i fancy! Thu, 14 Jan 2010 03:02:54 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: web http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1678 web Tue, 24 Feb 2009 14:24:34 +0000 http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1678 It is all click jacking and we might see more such attacks in future. The quickest fix for this attack is - DO NOT let your site be loaded in an iframe. Thats it! if (window.parent.frames.length>0) { //you are framed. //Go to your site without frame window.parent.location=location; } It is all click jacking and we might see more such attacks in future.

The quickest fix for this attack is – DO NOT let your site be loaded in an iframe. Thats it!

if (window.parent.frames.length>0) {
//you are framed.
//Go to your site without frame
window.parent.location=location;
}

]]> By: Security Monkey http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1540 Security Monkey Sat, 10 Jan 2009 19:22:21 +0000 http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1540 The "legit" site doesn't need to be hacked. If you look at the example site, they are loading a frame of the real site (myspace) from their dodgy page, causing your clicks on their page to do things on the legit site. The “legit” site doesn’t need to be hacked. If you look at the example site, they are loading a frame of the real site (myspace) from their dodgy page, causing your clicks on their page to do things on the legit site.

]]> By: johnb http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1538 johnb Thu, 08 Jan 2009 13:05:33 +0000 http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1538 in theory - but the website could have been purposely built with an exploit like this in place - we all know how the phishing scams take place and get people to give up their details, click on links etc. in theory – but the website could have been purposely built with an exploit like this in place – we all know how the phishing scams take place and get people to give up their details, click on links etc.

]]> By: Hari Karam Singh http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1537 Hari Karam Singh Thu, 08 Jan 2009 11:27:06 +0000 http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1537 But doesn't it still require that you download a dodgy plugin or that the website gets hacked or allows dodgy scripts in it posting areas on the same page as its logins? But doesn’t it still require that you download a dodgy plugin or that the website gets hacked or allows dodgy scripts in it posting areas on the same page as its logins?

]]> By: John Gag http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1412 John Gag Wed, 05 Nov 2008 15:52:02 +0000 http://john.beynon.org.uk/2008/11/05/click-jacking-the-new-threat-on-the-web/#comment-1412 Pretty interesting stuff Pretty interesting stuff

]]>