Tuesday, September 16, 2008

At Adobe's Request, Hackers Nix 'Clickjacking' Talk

Robert McMillan writes on InfoWorld:

After Adobe Systems asked them to keep quiet about their findings, two security researchers have pulled out of a technical talk where they were going to demonstrate how they could seize control of a victim's browser using an online attack called "clickjacking."

Robert Hansen and Jeremiah Grossman had been set to deliver their talk next week at the OWASP (Open Web Application Security Project) conference in New York. But the proof-of-concept code they'd developed to show how their clickjacking attack worked divulged a bug in one of Adobe's products. After a week of discussions with Adobe, the researchers decided last Friday to pull the talk.

Although Hansen and Grossman believe that the clickjacking flaw ultimately lies in the way that Internet browsers are designed, Adobe convinced them to hold off on their discussion until the company could release a patch. "Adobe thinks they can do something to make the hack harder," said Grossman, CTO with White Hat Security, in an interview.

More here.

