A new white paper from Carnegie Mellon University describes alternative clickjacking attacks that do not rely on the use of iframes.
Lin-Shung Huang and Collin Jackson announced the overview white paper "Clickjacking Attacks Unresolved", which describes their research topic, references related research and includes example demonstrations. The paper outlines how the X-Frame-Options header and anti-framing code are recommended but are not a complete solution. The authors are continuing with their research, which will include advice on countermeasures.
So, one to watch.
Posted on: 08 July 2011 at 08:12 hrs