Clicking to the Past

Clicking to the Past
Chris Wysopal, 2008-10-21

When the first details trickled out about a new attack, dubbed “clickjacking” by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker’s behalf is one of the oldest attack vectors in the book.

Clicking to the Past 2008-11-19
Anonymous

I don't know about you but I don't make a habit of opening mysterious archive files from unknown sources and then extracting them, as root(/bin:/sbin/...), to directories in my path. As for the mysterious and omnipotent button on my banks website, does this subversive little button also magically ex...

[ more ]