A malicious action such as stealing confidential information that is perpetrated against a user who is browsing a Web site. The user is "hijacked" by "clicking" a link on a Web page that executes a bogus script. See CSRF.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- IE8 outperforms competing browsers in malware protection -- again
- Well the credibility of the test is extremely...suspect since the winner is also the sponsor, why even print it. Well I guess according to these resultsNon-IE users are more gullible than IE users, but otherwise IE and Firefox are statistically tied.Another MS "study" proves that MS is...
- Discussion threads 2009-08-19
- IE8 outperforms competing browsers in malware protection -- again
- A recently released study by NSS Labs is once again claiming that based on their internal tests, Microsoft's Internet Explorer 8 outperforms competing browsers like Google's Chrome, Mozilla's Firefox, Opera and Apple's Safari in terms of protecting their users against "socially engineered malware" and phishing attacks. Not...
- Blog posts 2009-08-19
- Mozilla tackles XSS vulnerabilities with new technology
- Mozilla's security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting XSS plague against modern Web browsers. The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for...
- Blog posts 2009-06-22
- Apple Safari jumbo patch: 50+ vulnerabilities fixed
- Apple has shipped a whopper of a Safari browser update to fix more than 50 vulnerabilities, some rated extremely critical. The latest fixes, available in the new Safari 4.0, corrects a wide range of code execution and denial-of-service vulnerabilities and even comes with a fix for the...
- Blog posts 2009-06-08
- Web 2.0 Expo: Top ten Web hacking techniques
- A large portion of the Web 2.0 Expo attendees are focused on content. They want to create better, more engaging content for social media programs and Web engagement with their customers. But the Web and application developers behind this content need to know how to secure it. This is what...
- Blog posts 2009-04-01
- Financial Fraud and Internet Banking: Threats and Countermeasures
- To reach the gullible as well as the experienced, cybercriminals are developing new attack methods and new traps. One example is clickjacking. Also known as UI redress attack, this web-related structural weakness can fool users when they view a web page made of two layers. While users believe they are...
- White papers 2009-04-01
- Study: IE8's SmartScreen leads in malware protection
- Study: IE8's SmartScreen leads in malware protectionWhaaaaat?"does it really matter that IE8?s outperforms the rest of the browsers in times when IE8 users are downgrading to IE7?"So, IE8 quickly picked up adoption throughout the week-end and suddently on monday it drops.I would expect that from Informationweek (who are actually behind...
- Discussion threads 2009-03-24
- Adobe: Full-featured Flash 10 coming to a smartphone near you; Apple stand-off continues
- Adobe: Full-featured Flash 10 coming to a smartphone near you; Apple stand-off continuesFlash is running too slow on the device to be usefulsaid Jobs. Heck, it even runs slooowly on a fully grown desktop computer! And I can imagine Flash lite taking away too much.So what to do? I think...
- Discussion threads 2009-02-16
- Twitter's active users grow 900% in one year
- Twitter is growing at a phenomenal rate, according to an employee post on the Twitter blog. Just how phenomenal? Try this: Active users have increased 900% in a year, and two times the traffic that Twitter's website receives heads to Twitter's APIs -- meaning that far more...
- Blog posts 2009-02-13
- News to know: Stimilus bill, Twitter Twestival, Microsoft stores, Netflix, Facebook value
- Here are today’s notable headlines. You can get News To Know via email alert and RSS daily . For continuous updates see BNET’s around-the-Web tech coverage Andrew Nusca: Broadband tax credit cut from stimulus bill Sam Diaz: Tech will see direct, indirect benefits from...
- Blog posts 2009-02-13
- Twitter and the dangers of clickjacking
- Twitter and the dangers of clickjackingMore InformationI provide some technical details and a demo that shows how it works for anyone who is interested:http://shiflett.org/blog/2009/feb/twitter-dont-click-exploitClickjack could really screw up DTVYou'd never get the correct channel.Could you imagine purchasing firewall equipment for your Television?"Today DTV just got hit by a Malware Trojan...
- Discussion threads 2009-02-12
- Twitter and the dangers of clickjacking
- Right now -- yes, right now, as you're reading this post -- Twitter users are, well, a-twitter about an innocent but indicative joke that some clever person just played on half the Twitterverse. The trick? A simple clickjacking maneuver, sent via a user to his or her...
- Blog posts 2009-02-12
- ACLs Don't
- The ACL model is unable to make correct access decisions for interactions involving more than two principals, since required information is not retained across message sends. Though this deficiency has long been documented in the published literature, it is not widely understood. This logic error in the ACL model is...
- White papers 2009-02-06
- Google plugs ‘high-risk’ holes in Chrome browser
- Google plugs ‘high-risk’ holes in Chrome browserBig Brother (spy-eye) is monitoring you.....With the Google desktop search, google tool bar, google toilet paper you are covered from head to toe monitoring!Plus, ALL of the private data is being scanned and sheep follow it because it is so cool.I use a scrapper...
- Discussion threads 2009-01-29
- Flaw exposes Chrome, Firefox to clickjacking
- Flaw exposes Chrome, Firefox to clickjackingStonewalling over IE???How about the flaw in IE 6? IE 7?? After all, most users would be on one of those...not IE 8. LOVE how the headline leaves IE out and focuses on Chrome and Firefox.Whoa!Microsoft actually on top of security issues...
- Discussion threads 2009-01-29
- Google: no evidence of a Gmail vulnerability
- Google: no evidence of a Gmail vulnerabilityGmail problems ignored by google!Apparently my gmail page was hacked and infected by the clickjacking worm/trojan/bot. After months (April? August to date)struggling with an undetectable (by AV/computer pros) clickjacking problem, I infected a new laptop computer by clicking on the link to my sophos...
- Discussion threads 2008-11-27
- Adobe ships fix for clickjacking, clipboard hijack threats
- Adobe ships fix for clickjacking, clipboard hijack threatsLooking for a macbook?[b]Apple[/b] says that patch is currently scheduled for early November.What do you have in mind? :PRE: Adobe ships fix for clickjacking, clipboard hijack threatsHave they made 10 any easier to deploy in the enterprise?Just installed it on my Linux systemsI've...
- Discussion threads 2008-10-16
- News to know: Less is more, Windows 7, Firefox 3.1, Google
- Here are today’s notable headlines. You can get News To Know via email alert and RSS daily: Mary-Jo Foley: Microsoft plays up ‘less is more’ as its holiday retail message Deb Perelman: Signs your company might soon go belly-up Christopher Lochhead:...
- Blog posts 2008-10-16
- Adobe ships fix for clickjacking, clipboard hijack threats
- Adobe has released Flash Player 10 Techmeme discussion with a chock-full of major security improvements, including patches and mitigation for at least five serious security vulnerabilities. The vulnerabilities covered with Flash Player 10 could allow an attacker to bypass the software's security controls, Adobe warned. ...
- Blog posts 2008-10-15
- Opera bitten by 'extremely severe' browser bug
- Opera bitten by 'extremely severe' browser bugThanks for the heads upUpgrading to Opera 9.6 now.RE: Opera bitten by 'extremely severe' browser bugDid that yesterday when they released it. However I wish that they could patch the "Clickjecking" vulnerability. I know this "Clickjacking" vulnerability is part of the older HTML spec...
- Discussion threads 2008-10-09
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Reduce risk. Reduce complexity. Increase reliability.
-
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
> Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
- Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
