I know I have been talking a lot about my teacher, and my Network Security class, but seriously, I am picking up some kick ass stuff in there. Anyway, he mentioned this little nasty in class the other day about a relatively new internet vulnerability called Clickjacking.
This particular threat was supposed to be discussed at the recent OWASP NYC Appsec 2008 event, but the discussion was canceled at the request of Adobe until they and other vendors could work out a possible fix. Adobe was particularly vocal about the cancellation because the vulnerability was largely due to one of their products.
If you haven't heard of it, here is how Ars Technica describes it:
The term "clickjacking" refers to a process by which a user is forced to click on a link without his or her knowledge—the link itself may be nearly invisible or visible for only a fraction of a second.
On a much scarier note, this exploit is nearly impossible to defend against. However, according to Giorgio Maone, who created the NoScript Firefox plugin, the attack can be mitigated. Maone said in an email to ZDNet's Ryan Naraine that NoScript can mostly protect you against the attack with the default settings, but for 100% protection you have to look at the Forbid IFRAME option.
Do you know of other methods to protect from this attack? Do you know of anyone that has fallen victim to it? I want to know. Hit me up in the comments.