Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Security

+ - SPAM: Researcher shows new clickjacking methods

alphadogg writes: A computer security researcher has released a new browser-based tool that can be used to experiment with next-generation "clickjacking" attacks along with details of the four new techniques.

Clickjacking is a style of attack where a user is tricked into clicking on certain parts of a Web page with hidden buttons that perform malicious actions. The hidden buttons are delivered by an invisible iframe, which is a window that brings other content into the target Web site.

Paul Stone, a security consultant with Context Information Security in the U.K., revealed four new kinds of clickjacking attacks on Wednesday at the Black Hat conference that are effective against most Web sites and browsers. Stone showed one demonstration that used the drag-and-drop API implemented in all browsers. With some social engineering, users can be tricked into dragging an item on a Web page, which would cause text to be inserted into fields

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Researcher shows new clickjacking methods

Comments Filter:

"Well, it don't make the sun shine, but at least it don't deepen the shit." -- Straiter Empy, in _Riddley_Walker_ by Russell Hoban

Working...