What is "clickjacking" and should you be concerned about it?

Chenxi Wang

I am at the first national OWASP conference in New York this week, giving a talk on Web 2.0, consumerization, and application security. There is much discussion at the conference about "clickjacking," partially because the researchers weren’t given permission to do an open session, which of course further fanned the interest.

Earlier today, CERT issued a statement on clickjacking, warning that multiple browsers, including IE, Firefox, Safari, Opera, and Chrome, are all vulnerable to the attack.

Read more