The Art Of Click Jacking presented at HITBSecConf Malaysia 2007

by Mikko Hypponen,

Tags: Security Web Media Browser

Summary:

Presentation Abstract:

Clickjacking affects just about everyone using a Web browser, and it's time the full details are released. Think of any button (image, link, form, etc.) on any website (internal or external) that you can get to appear between the Web browser walls: wire transfers on banks, DSL router buttons, Digg buttons, CPC advertising banners, the Netflix queue, etc. Next, consider that an attacker can invisibly hover these buttons below the user's mouse, so that when users click on something they visually see, they are actually clicking on something the attacker wants them to. Now, what could the bad guy do with that ability? The potential is limitless. The more Robert Hansen (CEO, SecTheory) and Jeremiah Grossman (CTO, WhiteHat Security) researched, the worse the exploits became. Several different flaws exposed themselves, making a once underestimated attack technique extremely scary.

Mr. Grossman will outline the fundamentals of clickjacking and give live demonstrations of the capabilities of this once underestimated attack.

About Jeremiah:

Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, is a world-renowned expert in web application security and a founding member of the Web Application Security Consortium (WASC). At WhiteHat, Mr. Grossman is responsible for web application security R&D and industry evangelism. He is a frequent speaker at industry events including the BlackHat Briefings, ISACA's Networks Security Conference, NASA, ISSA and Defcon. A trusted media resource, Mr. Grossman has been featured in USA Today, the Washington Post, Information Week, NBC Nightly News, and many others. Mr. Grossman is also a featured expert and frequent contributor on TechTarget's SearchAppSecurity.com. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo!
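The attack described in the abstract works because a site's buttons can be loaded inside an attacker-controlled frame. The defense that later emerged is for the site to tell browsers which origins may frame it, via the X-Frame-Options header and the Content-Security-Policy frame-ancestors directive. The following is an added example, not material from the talk or its speakers; it evaluates a response's headers and reports whether the page can be framed, and builds the hardened headers a server should send. The header values and sample responses are constructed for illustration, and the precedence rule (frame-ancestors overrides X-Frame-Options when both are present) reflects current browser behaviour, not anything stated in the abstract.

```python
"""Classify a page's clickjacking exposure from its response headers.

Added example, not from the HITB talk. Both defenses checked here
(X-Frame-Options, CSP frame-ancestors) postdate the 2007 presentation.
"""
from typing import Dict, List, Optional


def parse_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP header, or None
    if the directive is absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def framing_verdict(headers: Dict[str, str]) -> str:
    """Return 'blocked', 'restricted' or 'frameable' for a response.

    'frameable' means any site can embed the page in a frame, which is the
    precondition for the invisible-button overlay described in the talk.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    ancestors = parse_frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:
        # Browsers that understand frame-ancestors ignore X-Frame-Options.
        if ancestors == ["'none'"]:
            return "blocked"
        if ancestors == ["*"]:
            return "frameable"
        return "restricted"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN" or xfo.startswith("ALLOW-FROM"):
        # ALLOW-FROM is obsolete and ignored by modern browsers, so a page
        # relying on it alone should be treated as weakly protected at best.
        return "restricted"
    return "frameable"


def hardened_headers(allowed_origins: List[str] = ()) -> Dict[str, str]:
    """Headers a server should send to refuse framing by untrusted sites.

    With no allowed origins the page refuses all framing; otherwise only the
    page's own origin and the listed origins may embed it. X-Frame-Options is
    kept as a fallback for browsers without CSP support.
    """
    if allowed_origins:
        ancestors = "'self' " + " ".join(allowed_origins)
        xfo = "SAMEORIGIN"
    else:
        ancestors = "'none'"
        xfo = "DENY"
    return {
        "Content-Security-Policy": f"frame-ancestors {ancestors}",
        "X-Frame-Options": xfo,
    }


# Constructed sample responses (hypothetical hostnames).
SAMPLE_RESPONSES = {
    "bank transfer page, no protection": {"Content-Type": "text/html"},
    "router admin page, legacy header": {"X-Frame-Options": "SAMEORIGIN"},
    "hardened page": hardened_headers(),
    "page embeddable by one partner": hardened_headers(["https://partner.example"]),
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        print(f"{name:40s} -> {framing_verdict(hdrs)}")
```

A 'frameable' verdict is the condition to flag in a scan: every such page with a state-changing button is a candidate for the overlay attack the talk describes, and the fix is to emit the hardened headers from the server rather than to rely on client-side frame-busting scripts.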