
Details of Clickjacking Attack Revealed With Online Spying Demo - apgwoz
http://www.cgisecurity.org/2008/10/details-of-clic.html
======
axod
Surely the fix: Change the button so it says "Allow users to view my cam"
instead of "click here", and disallow anything from changing the style of it.

Doesn't seem like a big threat to me. Any evidence it's a threat for anything
other than Flash settings?

~~~
apgwoz
That's not the problem, though. The problem is that there's a layer on top of
the Flash which clicks still register to. There doesn't have to be a button at
all; it just so happens that this example uses a button (controlled via
JavaScript on this extra layer) that knows the pattern of where to click to
allow the cam/mic to be used.

------
tyohn
Yeah, but how many clicks does it take to get to the center of a Tootsie Roll
Tootsie Pop?

~~~
apgwoz
I've never made it without biting. Ask Mr. Owl.

