Tyler Close is a researcher and developer of secure collaboration software. He has presented his work at conferences such as BlackHat, Financial Cryptography, WWW 2008 and SOUPS, as well as serving as an editor for the W3C. Close is a researcher at Hewlett-Packard Labs in Palo Alto, CA.
Tyler Close's Blog
A clickjacking attack can be used to direct seemingly benign mouse clicks to
...privileged buttons. For example, you may think you're playing a game, when
you're actually starting a webcam recording. Using only CSS and HTML, an
attacker can create a transparent IFRAME of a victim web page that contains
privileged buttons.
The announcement of the clickjacking research ignited interest in a number of
Web exploits, some of which seem new and others similar to known exploits.
Already, there's lots of discussion of possible workarounds, mainly focused
on changes to the application's user interface, or the browser's rendering
logic.
While the flexibility of the browser's user interface languages gives
clickjacking a polished look, this flexibility isn't actually what enables
these attacks. That blame lies with the ambient authority model used by most
we... (more)
Tyler Close is a researcher and developer of secure collaboration software. He has presented his work at conferences such as BlackHat, Financial Cryptography, WWW 2008 and SOUPS, as well as serving as an editor for the W3C. Close is a researcher at Hewlett-Packard Labs in Palo Alto, CA.
Scott Sellers
Anthony Franco
Daniel Morris
Wayne Walls
Niki Acosta
Jereme Hancock
Oren Michels
Marvin Wheeler
Douglas Kim
Ken Guiberson
