UI Redressing / Clickjacking
Hosted by IT-Security Stammtisch Paderborn
Speaker: Marcus Niemietz
Topic: UI Redressing / Clickjacking
Language: English
Talk's start time: 17:15 (5:15pm)
Talk's duration: roughly 90 minutes
Abstract:
UI Redressing (UIR) describes a set of powerful attacks which can be used to circumvent browser security mechanisms like sandboxing and the Same-Origin Policy. In essence, an attacker wants to lure a victim into performing actions out of context, commonly by using social engineering techniques in combination with invisible elements and hijacked trustworthy events. Introduced in 2008, clickjacking was the first UIR attack which made it possible to automatically hijack the camera or microphone of the victim by stealing a few left-clicks within a Flash-based browser game.
This talk covers the fundamentals, attacks, and countermeasures of UIR in depth. In addition to well-known techniques, research results such as case studies of UIR attacks will be presented.
Meeting Information:
We will meet up in gather.town.
To organize the virtual room, we need to know how many people attend; please mark your attendance here.
Gather.town allows you to virtually walk around and talk to people (based on proximity); we specifically chose it for that reason. So feel free to talk to people after the presentation. If you don't know gather.town, feel free to experiment a bit with it prior to the meeting.
This talk is part of the Web Security lecture at the University of Paderborn.