UK security firm Context Information Security Ltd. is making available a browser-based tool that demonstrates the clickjacking techniques discussed in a Black Hat Europe 2010 presentation.
On the Context site, they said: “Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in 2008 to describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.
“Although it has been two years since the concept was first introduced, most websites still have not implemented effective protection against clickjacking. In part, this may be because of the difficulty of visualising how the technique works in practice.”
“The tool is currently in an early beta stage, and works best in Firefox 3.6. Full support for other browsers will follow shortly.”
Context Ltd. piece here.
Tom Kelchner