Recently, attackers have discovered how to use hyperlinks to implement a security attack on our personal computers, a ruse called clickjacking (CJ). CJ doesn’t exploit a bug or a misconfigura- tion that might exist in a system, as in many other typical attacks, but instead exploits a Web page’s intrinsic capability to implement hyperlinks, a well-known and widespread feature in which almost all of us trust, to date. In this article, we describe a practical example of how an attacker can implement a CJ attack and discuss possible countermeasures.
Frightened by Links / Franco Callegati; Marco Ramilli. - In: IEEE SECURITY & PRIVACY. - ISSN 1540-7993. - STAMPA. - 7:(2009), pp. 72-76. [10.1109/MSP.2009.177]
Frightened by Links
CALLEGATI, FRANCO;RAMILLI, MARCO
2009
Abstract
Recently, attackers have discovered how to use hyperlinks to implement a security attack on our personal computers, a ruse called clickjacking (CJ). CJ doesn’t exploit a bug or a misconfigura- tion that might exist in a system, as in many other typical attacks, but instead exploits a Web page’s intrinsic capability to implement hyperlinks, a well-known and widespread feature in which almost all of us trust, to date. In this article, we describe a practical example of how an attacker can implement a CJ attack and discuss possible countermeasures.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
