, 2008-10-21
When the first details trickled out about a new attack, dubbed “clickjacking” by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker’s behalf is one of the oldest attack vectors in the book.
Anonymous
"In the end, browser makers and plug-in developers need to find a way -- even if it inhibits design flexibility -- to let the user trust that what they see is what they will get."
So for the old technique to trick an admin with a command line interface, is there any good way to "let...
[ more ]