, 2008-10-21
When the first details trickled out about a new attack, dubbed “clickjacking” by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker’s behalf is one of the oldest attack vectors in the book.
Expand all |
Post comment
"In the end, browser makers and plug-in developers need to find a way -- even if it inhibits design flexibility -- to let the user trust that what they see is what they will get."
So for the old technique to trick an admin with a command line interface, is there any good way to "let the user trust that what they see is what they will get"?
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/483/35226#35226