Dailydave mailing list archives
Re: "ClickJacking"
From: "The Dark Tangent" <dtangent () defcon org>
Date: Fri, 26 Sep 2008 16:43:05 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The mighty invisible div tag strikes. I think a big part of it is dependence on iframes, and under options - plugins on noscript you can disable <iframe>. Haven't tested how effective that is yet. On Opera you can disable/enable iframes on a per site basis, on firefox it is all or nothing frame support. On firefox it is about:config and then disable browser.frames.enabled. The only site I've seen that break so far is the bbc and non-basic html version of gmail. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.7.2 (Build 1608) Charset: US-ASCII wsBVAwUBSN1zuA6+AoIwjTCUAQiS7QgAlmOCNK71dJgrnhQ5S2NN7RnvJx7oWyl6 TM9fSkSWie5MgNe2rB2Zh6rwRTG6z0uvhy7C0V7/83CttrgLmJmOZ3TcKbsH5Qh0 m9LMb4Jt7NJLVu5pSpTORxbTvd/N2zZRFRa9XsPBH3ukO+trpVZFjHOWb8acmLxl 0yxvj5ocd0+55C9tPC1M74BfDOuOGKjXo+w9EaEysMwcXUH11ewoqif/c637UMDj cDNsN2JSWCBp/NyNsffOHuIdQdHAsHMOlhK+ddlDTA+hrWOjrX4lguOnFeyyjaFf fm0jqz6QLRjP8CeKpv+QhisrDIZf4bQ1Nnb+8BZBHW7ERBOaCm/nkA== =FI13 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- "ClickJacking" Dave Aitel (Sep 25)
- Re: "ClickJacking" Michal Zalewski (Sep 25)
- Re: "ClickJacking" The Dark Tangent (Sep 29)
- Re: "ClickJacking" Michal Zalewski (Sep 25)