Archive for July 11th, 2011

Last week a couple of interesting and novel Clickjacking techniques were published:

  1. Cross-domain content extraction via framed view-source
  2. Double-clickjacking (or, as I prefer to call it, Rapid fire cross-site interaction)

Both involve a tiny amount of social engineering (#2 requires JavaScript, too), but as you can see they are totally feasible.

Needless to say, recent NoScript versions neutralize them whether or not JavaScript is enabled, thanks to specific enhancements in ClearClick, NoScript’s unique anti-Clickjacking protection module.
