- From: Giorgio Maone <g.maone@informaction.com>
- Date: Thu, 03 May 2012 18:07:59 +0200
- To: "Hill, Brad" <bhill@paypal-inc.com>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>

Ooops, your slides reminded me that in the ClearClick algorithm description I failed again to mention how it does provide "Cursorjacking" protection: in step #5 ("Obstruction check") the mouse pointer's appearance is checked too, and if found hidden or otherwise modified we jump to #6 ("User notification") and #7 ("Interaction cancellation").

-- G

On 03/05/2012 17:39, Hill, Brad wrote:
> Attached are some slides for my agenda item on server-side anti-clickjacking. I have a more detailed paper almost done, but I don't want to release it until I get my references right.
>
>> -----Original Message-----
>> From: Giorgio Maone [mailto:g.maone@informaction.com]
>> Sent: Wednesday, May 02, 2012 6:12 PM
>> To: Hill, Brad
>> Cc: public-webappsec@w3.org
>> Subject: Re: [webappsec] DRAFT agenda for F2F
>>
>> On 26/04/2012 22:14, Giorgio Maone wrote:
>>
>>>> 9:45-10:45 Client-side approaches to
>>>> anti-clickjacking (Lin-Shung Huang?, Maone?) - TENTATIVE
>>>
>>> Like I previously said I can't be physically there, but I'll make a
>>> high level description of ClearClick's inner workings available on the
>>> web and join the #webappsec IRC channel.
>>
>> Attached and on http://noscript.net/downloads/ClearClick_WAS2012.pdf
>>
>> "See" you tomorrow.
>> -- G

Received on Thursday, 3 May 2012 16:08:22 UTC