Also known as "Scripting by Access".

The very nice util - WebWasher - that I've been shamelessly recommending ;)
does the same job + more.

Brian Weeden wrote:
"Click Jacking" (more formerly known as "UI Redressing") is the process where
you hide a page with links in an HTML layer behind another page.  So when
the user loads the page and thinks they are clicking on Punch the Monkey,
they are really clicking links to give someone access to their eBay account
or something similarly nefarious.

Check out this demo:

http://snipurl.com/clickjack

Fortunately, the NoScript add-on for Firefox comes with protection against
this sort of attack.  And it works whether or not you have scripting enabled
on a page.

More info for those that want to know:

http://www.grc.com/securitynow.htm#168

---------------------------
Brian Weeden
Technical Consultant
Secure World Foundation <http://www.secureworldfoundtion.org>
+1 (514) 466-2756 Canada
+1 (202) 683-8534 US

