The latest epiphany of the vicious Clickjacking poltergeist that Twitter apparently can't exorcise has a tiny face :)

7 Responses to “Twitter's Clickjacking Saga Continues”

  1. #1 Basti says:

    "Do you need a bigger one" would be a nice Clickjacking question. ;)

  2. #2 duryodhan says:

    I was wondering .. how come giorgio didn't plug noScript here with the usual -- ONLY NOSCRIPT's ClearJack technology will protect against this etc.

    but then I found there was a mention of that on the actual page ...

    (ok .. I love noscript .. so don't mark me as a troll..just that your last so many posts have gotten me pissed)

  3. #3 Giorgio says:

    @duryodhan:
    it's never said enough. Did you notice that The Register failed to mention it, for instance? And the name is ClearClick, actually :P

  4. #4 Tom T. says:

    @duryodhan: It needs to be repeated until the tech community, the tech media, and the public at large learn that Fx with NS is the safest possible browser, and that no other comes close. And if the statement is true, which it is, why shouldn't it be said? Cheers!

  5. #5 Tom Graham says:

    Yay! Tiny face is spreading

  6. #6 drongo says:

    Hi!
    I did put in the settings clearclick protection on both trusted and untrusted sites. Could you add a white listing mechanism that will remember like a" photo "( specific ID ) to this case, and if it don't changed-will not ask me again?
    I think, it is not enough to separate to white and black, because scripts can be changed on trusted sites by malware/hacker too.
    Moreover, i think this analogy you can spread on all NoScript. Any script in trusted list will have an specific ID, if it will be changed - user will be noticed with ability to action.

  7. #7 hackademix.net » Mikeyy's StalkDaily Twitter Worm vs NoScript says:

    [...] heard the tweets: after several other security issues, including “exotic” ones like Clickjacking or JSON hijacking, Twitter is in serious troubles again, this time with a XSS worm which quickly [...]

Bad Behavior has blocked 3231 access attempts in the last 7 days.