Ie8's Clickjacking Protection Will Have 'zero Impact

Recommended Posts

IE8's clickjacking protection will have 'zero impact,' says researcher

More info from Microsoft doesn't change opinion of researcher who reported problem By Gregg Keizer January 28, 2009 (Computerworld)

" Microsoft Corp. provided more iformation today about how Internet Explorer's new anti-clickjacking feature works, but one of the researchers who first reported the problem last year said it will have "zero impact" on protecting users. Clickjacking is the term given last September to a new class of browser-based attacks that tricks users into clicking on site buttons or Web forms. Such attacks hide malicious actions under the cover of a legitimate site, and they theoretically can be used to empty online bank accounts, secretly turn on Web cameras or even change a computer's security settings to make it vulnerable to additional attack. In a post to the IE blog late yesterday, Microsoft program manager Eric Lawrence provided the first technical details of the new feature, which debuted in Internet Explorer 8 Release Candidate 1 (IE8 RC1), the preview launched Monday. According to Lawrence, the defense relies on Web application and site developers sending the browser an HTTP response header, dubbed "X-Frame-Options" to restrict how the page may be framed. "

Computerworld - read article:;intsrc=hm_list

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.