27
02
2009
Twitter's Clickjacking Saga Continues
Posted by: Giorgio in Clickjacking, Mozilla, NoScriptThe latest epiphany of the vicious Clickjacking poltergeist that Twitter apparently can't exorcise has a tiny face :)
February 27th, 2009 at 8:41 pm
"Do you need a bigger one" would be a nice Clickjacking question. ;)
February 27th, 2009 at 10:14 pm
I was wondering .. how come giorgio didn't plug noScript here with the usual -- ONLY NOSCRIPT's ClearJack technology will protect against this etc.
but then I found there was a mention of that on the actual page ...
(ok .. I love noscript .. so don't mark me as a troll..just that your last so many posts have gotten me pissed)
February 27th, 2009 at 10:20 pm
@duryodhan:
it's never said enough. Did you notice that The Register failed to mention it, for instance? And the name is ClearClick, actually :P
February 28th, 2009 at 7:18 am
@duryodhan: It needs to be repeated until the tech community, the tech media, and the public at large learn that Fx with NS is the safest possible browser, and that no other comes close. And if the statement is true, which it is, why shouldn't it be said? Cheers!
March 3rd, 2009 at 11:01 am
Yay! Tiny face is spreading
March 3rd, 2009 at 9:31 pm
Hi!
I did put in the settings clearclick protection on both trusted and untrusted sites. Could you add a white listing mechanism that will remember like a" photo "( specific ID ) to this case, and if it don't changed-will not ask me again?
I think, it is not enough to separate to white and black, because scripts can be changed on trusted sites by malware/hacker too.
Moreover, i think this analogy you can spread on all NoScript. Any script in trusted list will have an specific ID, if it will be changed - user will be noticed with ability to action.
April 13th, 2009 at 1:28 pm
[...] heard the tweets: after several other security issues, including “exotic” ones like Clickjacking or JSON hijacking, Twitter is in serious troubles again, this time with a XSS worm which quickly [...]