   Clearing cookies kicks clickjacking to the kerb?
doubledown
« on: Sep 30th, 2008, 11:48am »

Reading Magnus's interesting blog here on clickjacking -  
 
http://blog.misec.net/2008/09/30/clickjacking-the-new-browser-security-threat/
 
 - prompted me to wonder, in the light of the statement that:  
 
"This works because most often the cookie will be set [...] and the user will already be logged in."
 
 - if in principle this could be defeated by always clearing all cookies after visiting/logging in to a known good website - or not allowing them to be set in the first place?
 
Or what about just simply logging out, and not even worrying about additional cookie-clearing?
« Last Edit: Sep 30th, 2008, 11:49am by doubledown »
Magnus
« Reply #1 on: Sep 30th, 2008, 2:00pm »

Both of those methods should work fine. Just logging out seems to be the simplest solution.
doubledown
« Reply #2 on: Oct 1st, 2008, 9:50am »

Thanks for your reply Magnus - it's good to know that some fairly basic and obvious/sensible precautions can help to nullify this threat.
 
Most websites with logins now seem to be reasonably good at presenting the user with a prominent logout prompt but there are still some you come across where the logout is a bit obscurely positioned and not well thought out, so it doesn't encourage good practices in this respect.