Clicking to the Past
Chris Wysopal, 2008-10-21

When the first details trickled out about a new attack, dubbed “clickjacking” by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker’s behalf is one of the oldest attack vectors in the book.

Clicking to the Past 2008-10-29
Anonymous
Clicking to the Past 2008-11-19
Anonymous (1 replies)
I don't know about you, but I don't make a habit of opening mysterious archive files from unknown sources and then extracting them, as root(/bin:/sbin/...), to directories in my path. As for the mysterious and omnipotent button on my bank's website, does this subversive little button also magically extract my eighteen character password without my knowing? Just curious.

Re: Clicking to the Past 2008-11-19
Anonymous
Copyright 2009, SecurityFocus