Security Basics
Eliminate iframes Jun 21 2013 01:31PM
Andre Silaghi (andre silaghi googlemail com) (1 replies)
Re: Eliminate iframes Jun 21 2013 02:53PM
Adolfo Abegg (adolfo abegg vendoservices com)
Look, this is the way PayPal does it (I just copied it from their front
page source code)

They have this in the <head> section
<style type="text/css" id="antiClickjack">
body {display: none !important;}
</style>
<script type="text/javascript">
if (self === top) {
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
} else {
top.location = self.location;
}
</script>

and this after the <body>
<noscript>
<style type="text/css">body{display:block !important;}</style>
<p class="nonjsAlert">
To access many of the new PayPal features, you'll need to turn on
JavaScript and enable cookies. You can do this in your web browser's
settings area.</p>
</noscript>
which gets interpreted only if javascript is disabled.

HTH

Adolfo Abegg

Adolfo Abegg
Engineering
adolfo.abegg (at) vendoservices (dot) com [email concealed]

www.vendoservices.com
Mobile: +34627419815
Fax: +34933028355
Skype contact: adolfo.abegg.tc


On Fri, Jun 21, 2013 at 3:31 PM, Andre Silaghi
<andre.silaghi (at) googlemail (dot) com [email concealed]> wrote:
> hi community,
>
> I am curious about your way of getting rid of iframes within large -
> enterprise - networks. The problem is that a couple of websites are
> trying to infect you using drive-by downloads mostly via iframes
> within hijacked websites. The firewalls will not do it since it
> operates only in OSI level 3 or 4 but not within the application level
> where iframes are usually transferred via http.
>
> Is there any solution you could propose?
>
> best regards,
> andré
>

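Added example (not part of the original message and not PayPal's code): a small Node.js check that audits an HTML page for the three parts of the pattern quoted in the reply above, namely the hide-by-default style in <head>, the self === top test that removes it, and the <noscript> style that re-shows the body. The helper names and both sample pages are constructed for illustration, and the regex matching is a heuristic rather than a full HTML parser.

```javascript
// Constructed samples: GOOD follows the pattern quoted in the message,
// WEAK removes the hiding style without checking whether it is framed.
const GOOD = `<html><head>
<style type="text/css" id="antiClickjack">body {display: none !important;}</style>
<script type="text/javascript">
if (self === top) {
  var antiClickjack = document.getElementById("antiClickjack");
  antiClickjack.parentNode.removeChild(antiClickjack);
} else { top.location = self.location; }
</script></head><body>
<noscript><style type="text/css">body{display:block !important;}</style></noscript>
</body></html>`;
const WEAK = `<html><head>
<style id="antiClickjack">body {display: none !important;}</style>
<script>
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
</script></head><body></body></html>`;

// Inner text of every <tag>...</tag> whose attribute string matches attrRe.
function blocks(html, tag, attrRe = /^/) {
  const re = new RegExp(`<${tag}\\b([^>]*)>([\\s\\S]*?)</${tag}>`, 'gi');
  return [...html.matchAll(re)].filter((m) => attrRe.test(m[1])).map((m) => m[2]);
}

// Hypothetical audit helper: reports which parts of the pattern are missing.
function auditAntiClickjack(html) {
  const end = html.search(/<\/head>/i);
  const head = end === -1 ? '' : html.slice(0, end);
  const hide = /body\s*\{[^}]*display\s*:\s*none\s*!important/i;
  const show = /body\s*\{[^}]*display\s*:\s*block\s*!important/i;
  // 1. A style with id="antiClickjack" in <head> hides the body by default.
  const hidden = blocks(head, 'style', /id\s*=\s*["']?antiClickjack\b/i)
    .some((css) => hide.test(css));
  // 2. The head script has both a self === top test and the style removal.
  const js = blocks(head, 'script').find((s) => /antiClickjack/.test(s)) || '';
  const guarded = /self\s*===?\s*top/.test(js) &&
    /removeChild\s*\(\s*antiClickjack\s*\)/.test(js);
  // 3. A <noscript> style re-shows the body when JavaScript is off.
  const fallback = blocks(html, 'noscript')
    .some((ns) => blocks(ns, 'style').some((css) => show.test(css)));
  const findings = [];
  if (!hidden) findings.push('body is not hidden by default in <head>');
  if (!guarded) findings.push('style removal is not guarded by self === top');
  if (!fallback) findings.push('no <noscript> style to re-show the body');
  return { ok: findings.length === 0, findings };
}

console.log(auditAntiClickjack(GOOD), auditAntiClickjack(WEAK));
```
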
Copyright 2010, SecurityFocus