Hosted by IT-Security Stammtisch Paderborn
Speaker: Marcus Niemietz
Topic: UI Redressing / Clickjacking
Talk's start time: 17:15 (5:15pm)
Talk's duration: roughly 90 minutes
UI Redressing (UIR) describes a set of powerful attacks that can be used to circumvent browser security mechanisms like sandboxing and the Same-Origin Policy. In essence, an attacker wants to lure a victim into performing actions out of context, commonly by using social engineering techniques in combination with invisible elements and hijacked trustworthy events. Introduced in 2008, clickjacking was the first UIR attack; it made it possible to automatically hijack the victim's camera or microphone by stealing a few left-clicks within a Flash-based browser game.
This talk covers the fundamentals, attacks, and countermeasures of UIR in depth. In addition to well-known techniques, research results such as case studies of UIR attacks will be presented.
We will meet up in gather.town. To organize the virtual room, we need to know how many people will attend; please mark your attendance here.
Gather.town allows you to virtually walk around and talk to people (based on proximity); we specifically chose it for that reason. So feel free to talk to people after the presentation. If you don't know gather.town, feel free to experiment a bit with it prior to the meeting.
This talk is part of the Web Security lecture at the University of Paderborn.