http://www.itsecpackets.com/blog/2008/12/30/clickjacking/ A Progammer explores the IT Security field; offering packets of useful information he picks up along the way. Tue, 05 Jan 2010 01:34:42 -0700 http://wordpress.org/?v=2.8.4 hourly 1 http://www.itsecpackets.com/blog/2008/12/30/clickjacking/comment-page-1/#comment-265 Meitar Moscovitz Wed, 31 Dec 2008 07:13:13 +0000 http://itsecpackets.com/blog/?p=68#comment-265 In a Web context, it's my understanding that most clickjacking attacks use transparent iframes. Since I can't think of a single legitimate site that uses iframes in a transparent way (what would be the point?), do you think a user style sheet such as <a href="http://maymay.net/blog/2008/12/29/clickjanecss-a-css-user-style-sheet-to-help-detect-and-avoid-clickjacking-attacks/" rel="nofollow">clickjane.css</a> is sufficient in most cases? If not, are there other ways to use modern browsers' capabilities of user style sheets to reveal such attempts? In a Web context, it’s my understanding that most clickjacking attacks use transparent iframes. Since I can’t think of a single legitimate site that uses iframes in a transparent way (what would be the point?), do you think a user style sheet such as clickjane.css is sufficient in most cases? If not, are there other ways to use modern browsers’ capabilities of user style sheets to reveal such attempts?

]]>