Microsoft Talk

IE8’s Clickjacking Fix Not Much Help, Experts Say

Microsoft

New Microsoft technology designed to protect Internet Explorer users from a powerful new Web-based attack will not fix the problem, security experts said Tuesday.

NoScript lets users selectively block the use of scripting languages within the Firefox browser. Because clickjacking requires scripting, the attack doesn’t work when NoScript is enabled.

For months, Maone’s plug-in has been the best-known technology for thwarting clickjacking. With the IE 8 test code, however, Microsoft finally has its own alternative.

To help the situation, Maone is developing a compatibility feature so that NoScript users will be able to take advantage of the same Web code used by IE, and he is now lobbying to have this feature included in an upcoming version of Firefox.

Hansen and Maone also criticized Microsoft for holding off on technical details of the technology. “Even though they implemented that, they haven’t given guidance on how to actually use it,” Hansen said.

In an e-mailed statement, Microsoft said that it planned to put up a blog post on the anti-clickjacking feature sometime this week and that it had worked with all major browser vendors “to get feedback and input on our implementation of the clickjacking tag before shipping Internet Explorer 8 RC1.”

That post might be helpful. As things stand now, it looks like “the feature doesn’t allow the user to protect themselves,” said Jeremiah Grossman, chief technology officer with White Hat Security.

Hansen said that Microsoft developers first proposed their IE8 clickjacking fix several months ago when he first described the problem to them. “I dismissed it as not a long-term, viable solution to clickjacking,” he said.

Did You Enjoy this Post? Subscribe to Microsoft Talk. It's Free!

« Back Home

Posted in Announcements on January 28th, 2009

Link to this Entry Email This Entry

About Microsoft Talk

My name is Brick ONeil, and I’ve been with the 451 Press Network since March 2007. I’m the new blogger for Microsoft Talk. We’ll be discussing ‘About Microsoft’ itself. What’s happening, who’s coming/going, what new technologies they’re coming out with, updates and upgrades. I’ll try to bring you news each day that impacts your daily life and use of Microsoft products, or just interesting information I think you’ll enjoy

Microsoft Talk Author(s)

My Home Page Contact Me

Blogging Flair

Get this widget!

Technology Channel Posts

Cell Phones + Social Networks = Love?
[caption id="attachment_262" align="alignnone" width="128" caption="Social Networks"][/caption]Wireless industry ready to interface with Facebook, MySpace and Bebo Everybody at this week's Mobile [...]
LG X120 Netbook
LG Electronics has announced it is launching their newest netbook called the LG X120. The laptop is a cute one with only 10.1″ screen with backlit. Powering it is an Intel Atom processor [...]
Uniea Haptique HardShell Case for MacBook
This hardshell cases for the new MacBook aluminum are made of ABS plastic coupled with soft touch coating. It offers a textured feel, almost leather like, and protects the surface of the laptop [...]
Haier shows off it's offerings to the masses
[caption id="attachment_1757" align="alignnone" width="600" caption="Haier netb ook, G1 and G2"][/caption]The fine folks over at Haier shows off mysterious "NetBooks," Android phones Haier's [...]
Hackers target Gamers
[caption id="attachment_887" align="alignnone" width="128" caption="Xbox"][/caption]Although I'm not a gamer, everyone should be aware of hackers and malware. According to microsoft, What's the [...]
Microsoft Equips Individuals With New Training Resources Needed for Jobs
[caption id="attachment_733" align="alignnone" width="109" caption="Microsoft"][/caption]Second time around for this bit of news, but very apropos in today's business climate. Microsoft Corp. [...]
LG Phone's Transparent Keypad Expected to "Make A New Fashion Statement"
[caption id="attachment_259" align="alignnone" width="950" caption="Transluscent Phone"][/caption][caption id="attachment_258" align="alignnone" width="500" caption="LG GD-900"][/caption]Firmware or [...]
Preorder Nokia N86 at Expansys
[caption id="attachment_1754" align="alignnone" width="162" caption="Nokia N86"][/caption]Engadget breaks this story: European markets can expect to see Nokia's N86 handset on or about July 22, [...]
Microsoft Tests Vista SP2, Readies Windows 7 Updates
[caption id="attachment_884" align="alignnone" width="116" caption="Vista"][/caption]Lots coming out of Redmond these days. Service Pack 2 for Windows Vista and Windows Server 2008 is reportedly [...]
Five Steps to an E-friendly Résumé
[caption id="attachment_730" align="alignnone" width="128" caption="Resume on Outlook"][/caption]With today's economy and layoffs, we all need all the help we can get when searching for jobs. MSN [...]

Hot Off The Press

CMU predicted to finish second in MAC West by media
DETROIT – Rather than being the hunted this season, the Central Michigan football team will have to do the hunting. [...]
W. Golf. Women's Golf Signs Three For 2010-11 Season
The Auburn women's golf team will welcome three newcomers to The Plains this season as Diana Fernandez, Marta Sanz and Caitlin Watts all are set to join the team in time for the upcoming 2010-11 [...]
Kellermann to play professionally overseas; Van signs with Irish pro team
A former Central Michigan basketball player will continue to play at the next level. Chris Kellermann recently signed a one-year contract with BBC Heffingen, a professional basketball team in [...]

451 Press

IE8’s Clickjacking Fix Not Much Help, Experts Say

Recent Posts

Related Posts

Leave a Reply

About Microsoft Talk

Blogroll

NAVIGATE

LINKS

CATEGORIES

TOP COMMENTERS

RECENT COMMENTS

SUBSCRIBE

ARCHIVES

Blogging Flair

Technology Channel Posts

Hot Off The Press