Disclosure of Major New Web 'Clickjacking' Threat Deferred

Look in this specific forum for newly found security threats which may not yet be covered by your usual security software

Moderators: Admin Team, Moderators

User avatar
TeMerc
Site Admin
Site Admin
Posts: 15995
Joined: Fri Jan 28, 2005 5:16 pm
Area Of Expertise: Security
experience: I know the functions, OS settings, registry tweaks and more
PC time: What else is there in life?
Location: PHX, AZ
Contact:

Disclosure of Major New Web 'Clickjacking' Threat Deferred

Postby TeMerc » Tue Sep 16, 2008 12:58 pm

SEPTEMBER 16, 2008 | 3:25 PM

By Kelly Jackson Higgins
Senior Editor, Dark Reading

Details of a new major Web attack that could potentially affect millions of users won’t see the light of day next week as planned after the researchers who discovered it agreed to hold off on disclosing their find until Adobe comes up with a patch for its product.

Renowned Web security researchers Robert "RSnake" Hansen and Jeremiah Grossman late yesterday pulled their presentation "New 0-Day Browser Exploits: Clickjacking - yea, this is bad" from the upcoming OWASP USA security conference in New York, after Adobe requested that the researchers give them time to come up with a patch for one of its applications before they release their proof-of-concept code.

“It surprised us that Adobe took ownership over an attack technique that we considered to be the responsibility of the browser vendors,” says Grossman, who also blogged on the decision to drop the OWASP (Open Web Application Security Project) talk. “They want to protect their users as best they can no matter what. So when that happened, we had to put the disclosure brakes on.”

nwz Continued @ Dark Reading
Image

Return to “EMERGING SECURITY THREATS!”

Who is online

Users browsing this forum: No registered users and 1 guest