Ie8's Clickjacking Protection Will Have 'zero Impact

[Peaches]

IE8's clickjacking protection will have 'zero impact,' says researcher

More info from Microsoft doesn't change opinion of researcher who reported problem By Gregg Keizer January 28, 2009 (Computerworld)

" Microsoft Corp. provided more iformation today about how Internet Explorer's new anti-clickjacking feature works, but one of the researchers who first reported the problem last year said it will have "zero impact" on protecting users. Clickjacking is the term given last September to a new class of browser-based attacks that tricks users into clicking on site buttons or Web forms. Such attacks hide malicious actions under the cover of a legitimate site, and they theoretically can be used to empty online bank accounts, secretly turn on Web cameras or even change a computer's security settings to make it vulnerable to additional attack. In a post to the IE blog late yesterday, Microsoft program manager Eric Lawrence provided the first technical details of the new feature, which debuted in Internet Explorer 8 Release Candidate 1 (IE8 RC1), the preview launched Monday. According to Lawrence, the defense relies on Web application and site developers sending the browser an HTTP response header, dubbed "X-Frame-Options" to restrict how the page may be framed. "

Computerworld - read article: http://www.computerworld.com/action/articl...;intsrc=hm_list