Comments on: Ehy IE8, I Can Has Some Clickjacking Protection?

By: Giorgio

Giorgio — Fri, 19 Jun 2009 15:30:56 +0000

@Jeff Atwood:
My users are protected by NoScript :D

Anyway, what about this one:

if (top != self) {
top.location.replace(location);
location.replace(”about:blank”); // want me framed? no way!
}

Seen here ;)

By: Jeff Atwood

Jeff Atwood — Fri, 19 Jun 2009 06:41:29 +0000

"To sum up, there’s always been a well known and accepted server-side protection option which works everywhere except in IE."

Um, no. And if you believe that framebusting can’t be defeated, then your users are going to get owned.

http://www.codinghorror.com/blog/archives/001277.html

By: noam

noam — Sun, 22 Feb 2009 07:17:41 +0000

i installed a web application firewall- software solution. it protects layer 7, web applications. but how can i know if it protects also against clickjacking? http://www.applicure.com

By: IE8.0 and Clickjacking | Secdefence.Com

IE8.0 and Clickjacking | Secdefence.Com — Thu, 19 Feb 2009 01:15:24 +0000

[…] sure you’ve heard about the new IE8.0 Clickjacking protection here, here and probably most importantly here on the IE blog. It’s probably time I explain exactly […]

By: Cross Site Scripting » Blog Archive » Hackademix.Net » Ehy Ie8, I Can has Some Clickjacking Protection?

Fri, 30 Jan 2009 16:47:14 +0000

[…] We’ve been preaching about XSS holes and other web programming errors for years, but developers still fall in the same pitfalls over and over again: if the guys in Redmond really believed that web security could be fixed …$anchor_text[$anchor_choice] […]

By: La billeterie » Blog Archive » Clickjacking

La billeterie » Blog Archive » Clickjacking — Fri, 30 Jan 2009 15:32:59 +0000

[…] http://hackademix.net/2009/01/27/ehy-ie8-i-can-has-some-clickjacking-protection/ Convenience is number one factor in keeping browsers secure […]

By: IE8.0 and Clickjacking « Covil Inc.

IE8.0 and Clickjacking « Covil Inc. — Fri, 30 Jan 2009 15:21:40 +0000

[…] sure you’ve heard about the new IE8.0 Clickjacking protection here, here and probably most importantly here on the IE blog. It’s probably time I explain exactly […]

By: hackademix.net » X-IFRAME-OPTIONS in Firefox

hackademix.net » X-IFRAME-OPTIONS in Firefox — Fri, 30 Jan 2009 00:12:15 +0000

[…] I promised in my previous posts about so called IE8’s “Clickjacking protection”, some hours ago I released the […]

By: Fenixnordic Group » Blog Archive » Why IE8’s ‘ClickJacking’ Solution Won’t Help Most Users

Thu, 29 Jan 2009 18:46:53 +0000

[…] Giorgio Maone, the developer behind Firefox’s NoScript Add-on, explains "there’s always been a well known and accepted server-side protection option which works […]

By: Clickjacking: Internet Explorer 8 non è immune, dicono - The New Blog Times

Clickjacking: Internet Explorer 8 non è immune, dicono - The New Blog Times — Wed, 28 Jan 2009 23:00:42 +0000

[…] Giorgio Maone, che di NoScript è l’autore, in un suo dettagliatissimo e circostanziato post nel suo […]