dcsimg
 
 
 

Clickjacking at Top Websites Beaten By Researchers

 
 
By Channel Insider Staff
 
 
 
Four researchers from Stanford and Carnegie Mellon outlined how frame busting, a protection meant to defeat clickjacking, can be circumvented on Twitter and other popular sites.

The term clickjacking was first used in 2008 by WhiteHat Security CTO Jeremiah Grossman and Robert "RSnake" Hansen, CEO of SecTheory. In order to combat the attack, websites instituted techniques known as frame busting, which prevent a site from running when it is loaded inside a frame.

According to researchers from Stanford University and Carnegie Mellon University, frame-busting isn't as effective at preventing clickjacking as hoped. An analysis of the Top 500 websites ranked by Alexa found all of the frame busting implementations could be circumvented. Some of the circumventions were browser-specific, while others worked across all browsers, the researchers found.

READ MORE >>
This article was originally published on 2010-05-28