There is some more information from Coding Horror here: http://www.codinghorror.com/blog/archives/001171.html
It's mostly social engineering magic, but annoying nonetheless. Your being signed in does open some pathways that could be more malicious, I think, though.

Regards,
Sam Merrell

On Fri, Feb 13, 2009 at 15:50, Gavin Schulz <[email protected]> wrote:
> Well, as the next commenter said, that does not completely solve the
> problem. You must take an action to do that, and it's not really a security
> concern.
> ----
> Gavin Schulz
> Working on a stealth start-up
> Sent from: Dundas Ontario Canada.
>
> On Fri, Feb 13, 2009 at 4:46 PM, Matthew Terenzio <[email protected]> wrote:
>
>> On Fri, Feb 13, 2009 at 4:40 PM, Gavin Schulz <[email protected]> wrote:
>>
>>> I'm not sure exactly what you mean by frame-breaker JS? Could you
>>> explain?
>>
>> I believe he is referring to the supposed response by Twitter to add:
>>
>> if (window.top !== window.self) { window.top.location.href = window.self.location.href; }
>>
>> There is some discussion in the comments below. There are apparently a
>> number of ways around the fix.
>>
>> http://james.padolsey.com/general/clickjacking-twitter/#comment-5095
>
> _______________________________________________
> Laconica-dev mailing list
> [email protected]
> http://mail.laconi.ca/mailman/listinfo/laconica-dev
