"Microsoft has introduced a release client version
of its latest browser, Internet Explorer 8 (IE8), and the new iteration
of the application includes several security improvements, including a
noteworthy attempt to address the emerging problem of clickjacking
attacks.
For those who don't recall, clickjacking
is a relatively new technique — first detailed in mid-2008 by
researchers Jeremiah Grossman and Robert Hansen, among others — which
involves using widely-available vulnerabilities to take control of an
end user's browser.
The idea is that simply by tricking a visitor into arriving at an
infected URL, an attacker can manipulate the affected end users' browser session
to get them to do just about anything the hackers desires, such as
downloading malware, and at the time it was first reported publicly,
there were clickjacking vulnerabilities available in just about every
major browser, including IE7.
Now, to carry out these kinds of campaigns, obviously the involved attackers need to both subvert Web sites (the more legitimate the better) and have the browser vulnerabilities available that allow them to deliver their code."
Read more: http://securitywatch.eweek.com/exploits_and_attacks/microsoft_goes_after_clickjacking_in_ie8.html
