[webappsec] New clickjacking research published

From: Hill, Brad <bhill@paypal-inc.com>
Date: Mon, 13 Aug 2012 18:36:55 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E1C2601@DEN-EXDDA-S12.corp.ebay.com>

Our UI Safety co-editor, David Lin-Shung Huang, has been doing some stellar anti-clickjacking research in the last year and a half. We've been discussing ideas and implications from his research for the full lifetime of the WG, and I'm happy to announce that the final paper is now available to read after he presented it at USENIX Security last week:

http://websec.sv.cmu.edu/clickjacking/clickjacking.pdf

Congratulations to David, and highly recommended reading for anyone interested in the new spec.

Also of interest, Sebastian Lekies presented at the WOOT workshop co-located with USENIX, "On the Fragility and Limitations of Current Browser-Provided Clickjacking Protection Schemes".

https://www.usenix.org/conference/woot12/fragility-and-limitations-current-browser-provided-clickjacking-protection-schemes

-Brad Hill
Received on Monday, 13 August 2012 18:37:29 GMT
