Recently, attackers have discovered how to use hyperlinks to implement a security attack on our personal computers, a ruse called clickjacking (CJ). CJ doesn’t exploit a bug or a misconfigura- tion that might exist in a system, as in many other typical attacks, but instead exploits a Web page’s intrinsic capability to implement hyperlinks, a well-known and widespread feature in which almost all of us trust, to date. In this article, we describe a practical example of how an attacker can implement a CJ attack and discuss possible countermeasures.
Franco Callegati, Marco Ramilli (2009). Frightened by Links. IEEE SECURITY & PRIVACY, 7, 72-76 [10.1109/MSP.2009.177].
Frightened by Links
CALLEGATI, FRANCO;RAMILLI, MARCO
2009
Abstract
Recently, attackers have discovered how to use hyperlinks to implement a security attack on our personal computers, a ruse called clickjacking (CJ). CJ doesn’t exploit a bug or a misconfigura- tion that might exist in a system, as in many other typical attacks, but instead exploits a Web page’s intrinsic capability to implement hyperlinks, a well-known and widespread feature in which almost all of us trust, to date. In this article, we describe a practical example of how an attacker can implement a CJ attack and discuss possible countermeasures.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
