Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Tuesday, November 18, 2008

ClickClear and Clickjacking
How does NoScript protect me from Clickjacking and other UI-redressing attacks?
Default protections provided by NoScript, i.e. JavaScript and plugin blocking can prevent most clickjacking attacks.
To be 100% protected against clickjacking, though, you should enable also Forbid IFRAME; and possibly apply these restrictions to trusted sites as well.
While some users are confortable with these ultra-hardened settings, they can get cumbersome for others.
Fortunately, since version 1.8.2 NoScript provides a new default kind of protection called ClearClick, which defeats clickjacking no matter if you block frames or not.

No comments: