Comments on: Clickjacking Protection by Default

By: ross alba

ross alba — Sat, 01 Nov 2008 07:03:29 +0000

give it atry

By: | TechUniverse

| TechUniverse — Tue, 14 Oct 2008 08:37:51 +0000

[…] ultime versioni dell’italica estensione, oltre a impedire l’esecuzione di elementi Flash o codice JavaScript non gradito, introducono […]

By: Clickjacking - Scary New Cross Brower Exploit

Clickjacking - Scary New Cross Brower Exploit — Thu, 09 Oct 2008 02:37:19 +0000

[…] solution at the moment is to use Firefox with Noscript(an extension for Firefox) addons since specific anti-clickjacking countermeasures are included in latest version (1.8.2) of NoScript. Opera users need to disable Java, Javascript […]

By: Hello ClearClick, Goodbye Clickjacking! | 洋葱圈

Hello ClearClick, Goodbye Clickjacking! | 洋葱圈 — Wed, 08 Oct 2008 11:49:09 +0000

[…] NoScript 1.8.2.1 is out, featuring the announced new anti-clickjacking countermeasures enabled by default, independent from IFRAME and plugin […]

By: hackademix.net » Hello ClearClick, Goodbye Clickjacking!

hackademix.net » Hello ClearClick, Goodbye Clickjacking! — Tue, 07 Oct 2008 22:27:53 +0000

[…] Clickjacking Protection by Default 08 10 2008 […]

By: Shadow Security - ¿Clickjacking con Firefox y NoScript instalado? (II)

Shadow Security - ¿Clickjacking con Firefox y NoScript instalado? (II) — Tue, 07 Oct 2008 00:06:50 +0000

[…] la información ya que Maone confirma lo preguntado por mí y también menciona que en NoScript se habilita la protección de IFRAMES por defecto en la última versón y en 0×000000 confirman lo dicho por Maone. Además Maone también explica algunas formas de […]

By: Giorgio

Giorgio — Sat, 04 Oct 2008 14:48:21 +0000

@questioner:
If Ronald did not disclose the OBJECT-based IFRAME blocking work-around, I would have said just wait for 1.8.2 keeping “Forbid IFRAME” on, but now there’s a slight chance some bad guy already figured how clickjacking works (easy) and deems valuable the extra effort to bypass IFRAME protection (less likely), therefore my recommendation to get 1.8.1.9 — thank Ronald for this hassle ;)
Anyway I’ll release 1.8.2 tomorrow at most.

By: questioner

questioner — Sat, 04 Oct 2008 14:41:09 +0000

Hi - I have a question because I am a little confused:

As an usual everyday user - is there a special reson (like an accute actual security threat) to make this very big upgrade neccessary? or can I simply wait until the newest versions (my actual here is V. 1.8.1.3) without any harm???

By: rvdh

rvdh — Sat, 04 Oct 2008 01:55:39 +0000

Curious, it seems fixed as well in the new build I just tested. Good job Giorgio! I can get some sleep again :)

By: rvdh

rvdh — Sat, 04 Oct 2008 01:29:30 +0000

I was saying: You forgot EMBED SRC="" as well. it got stripped somehow.