- From: Giorgio Maone <g.maone@informaction.com>
- Date: Thu, 03 May 2012 18:07:59 +0200
- To: "Hill, Brad" <bhill@paypal-inc.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
Ooops, your slides reminded me that in the ClearClick algorithm
description I failed again to mention how it does provide
"Cursorjacking" protection: in step #5 ("Obstruction check") the mouse
pointer's appearance is checked too, and if found hidden or otherwise
modified we jump to #6 ("User notification") and #7 ("Interaction
cancellation").
-- G
On 03/05/2012 17:39, Hill, Brad wrote:
> Attached are some slides for my agenda item on server-side anti-clickjacking. I have a more detailed paper almost done, but I don't want to release it until I get my references right.
>
>> -----Original Message-----
>> From: Giorgio Maone [mailto:g.maone@informaction.com]
>> Sent: Wednesday, May 02, 2012 6:12 PM
>> To: Hill, Brad
>> Cc: public-webappsec@w3.org
>> Subject: Re: [webappsec] DRAFT agenda for F2F
>>
>> On 26/04/2012 22:14, Giorgio Maone wrote:
>>
>>>> 9:45-10:45 Client-side approaches to
>>>> anti-clickjacking (Lin-Shung Huang?, Maone?) - TENTATIVE
>>>
>>> Like I previously said I can't be phisically there, but I'll make a
>>> high level description of ClearClick's inner workings available on the
>>> web and join the #webappsec IRC channel.
>>
>> Attached and on http://noscript.net/downloads/ClearClick_WAS2012.pdf
>>
>> "See" you tomorrow.
>> -- G
Received on Thursday, 3 May 2012 16:08:22 UTC