Comments on: Twitter’s Clickjacking Saga Continues http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/ Giorgio Maone's answers to the Web, the Universe, and Everything Wed, 08 Feb 2012 12:13:23 +0000 http://wordpress.org/?v=2.2.3 By: hackademix.net » Mikeyy's StalkDaily Twitter Worm vs NoScript http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11887 hackademix.net » Mikeyy's StalkDaily Twitter Worm vs NoScript Mon, 13 Apr 2009 11:28:59 +0000 http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11887 [...] heard the tweets: after several other security issues, including “exotic” ones like Clickjacking or JSON hijacking, Twitter is in serious troubles again, this time with a XSS worm which quickly [...] […] heard the tweets: after several other security issues, including “exotic” ones like Clickjacking or JSON hijacking, Twitter is in serious troubles again, this time with a XSS worm which quickly […]

]]> By: drongo http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11272 drongo Tue, 03 Mar 2009 19:31:14 +0000 http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11272 Hi! I did put in the settings clearclick protection on both trusted and untrusted sites. Could you add a white listing mechanism that will remember like a" photo "( specific ID ) to this case, and if it don't changed-will not ask me again? I think, it is not enough to separate to white and black, because scripts can be changed on trusted sites by malware/hacker too. Moreover, i think this analogy you can spread on all NoScript. Any script in trusted list will have an specific ID, if it will be changed - user will be noticed with ability to action. Hi!
I did put in the settings clearclick protection on both trusted and untrusted sites. Could you add a white listing mechanism that will remember like a" photo "( specific ID ) to this case, and if it don’t changed-will not ask me again?
I think, it is not enough to separate to white and black, because scripts can be changed on trusted sites by malware/hacker too.
Moreover, i think this analogy you can spread on all NoScript. Any script in trusted list will have an specific ID, if it will be changed - user will be noticed with ability to action.

]]> By: Tom Graham http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11266 Tom Graham Tue, 03 Mar 2009 09:01:46 +0000 http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11266 Yay! Tiny face is spreading Yay! Tiny face is spreading

]]> By: Tom T. http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11233 Tom T. Sat, 28 Feb 2009 05:18:42 +0000 http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11233 @duryodhan: It needs to be repeated until the tech community, the tech media, and the public at large learn that Fx with NS is the safest possible browser, and that no other comes close. And if the statement is true, which it is, why shouldn't it be said? Cheers! @duryodhan: It needs to be repeated until the tech community, the tech media, and the public at large learn that Fx with NS is the safest possible browser, and that no other comes close. And if the statement is true, which it is, why shouldn’t it be said? Cheers!

]]> By: Giorgio http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11232 Giorgio Fri, 27 Feb 2009 20:20:40 +0000 http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11232 @<b>duryodhan</b>: it's never said enough. Did you notice that <em>The Register</em> failed to mention it, for instance? And the name is <a href="http://noscript.net/faq#clearclick" rel="nofollow">ClearClick</a>, actually :P @duryodhan:
it’s never said enough. Did you notice that The Register failed to mention it, for instance? And the name is ClearClick, actually :P

]]> By: duryodhan http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11231 duryodhan Fri, 27 Feb 2009 20:14:27 +0000 http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11231 I was wondering .. how come giorgio didn't plug noScript here with the usual -- ONLY NOSCRIPT's ClearJack technology will protect against this etc. but then I found there was a mention of that on the actual page ... (ok .. I love noscript .. so don't mark me as a troll..just that your last so many posts have gotten me pissed) I was wondering .. how come giorgio didn’t plug noScript here with the usual — ONLY NOSCRIPT’s ClearJack technology will protect against this etc.

but then I found there was a mention of that on the actual page …

(ok .. I love noscript .. so don’t mark me as a troll..just that your last so many posts have gotten me pissed)

]]> By: Basti http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11227 Basti Fri, 27 Feb 2009 18:41:32 +0000 http://hackademix.net/2009/02/27/twitters-clickjacking-saga-continues/#comment-11227 "Do you need a bigger one" would be a nice Clickjacking question. ;) "Do you need a bigger one" would be a nice Clickjacking question. ;)

]]>