 |
 |
Is anybody out there conversant on click jacking vulnerablities. --US-CERT Issues Warning on Clickjacking (September 26 & 29, 2008) Concerns about clickjacking, a cross-platform browser attack technique, have prompted the US Computer Emergency Readiness Team (US-CERT) to issue a warning. Until a fix is available, users can protect themselves by disabling scripting and plug-ins in their browsers. The researchers who discovered the clickjacking vulnerability had planned to present their findings at a conference in September, but grew concerned about the technique's severity and chose to notify vendors and allow them time to develop fixes. http://www.informationweek.com/news/security/vulnerabilities/showArticle.jht ml?articleID=210604261 http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti cleId=9115818&source=rss_topic17 http://www.us-cert.gov/current/index.html#multiple_web_browsers_affected_by http://ha.ckers.org/blog/20081007/clickjacking-details/ Source: SANS NewsBites Vol. 10 Num. 78 If so what conclusion did you come to and what did you recommend that your users do? Maybe the university's Info Sec Rep Could chime in on this one? LD