Let’s bust some frames

You may have learned about a form of web attack known as clickjacking. If not, now is a good time. If you own a website, you should seriously consider adding frame busting code to prevent your site from being loaded in a frame.

Frame busting can be easily achieved with some simple JavaScript:

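<script type="text/javascript">
// If this page is not the top-level window, it has been loaded in a frame:
// navigate the top-level window to this page instead.
if (top != self)
  top.location.replace(document.location);
</script>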

Just add the code above between the <head> and </head> tags of your webpages.
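A stricter variant of the check above, added here as an example and not part of the original post: the page stays hidden until the script confirms it is the top-level window, so the content is not displayed inside a frame even when the navigation out of it is blocked. The function names are hypothetical, and the code assumes the page's <head> also carries a style rule `html { display: none }`.

```javascript
// Added example (not from the original post). Assumes the page ships with
//   <style>html { display: none }</style>
// in its <head>, so the content is hidden until this script reveals it.

// True when the window is not the top-level browsing context.
// Any error while comparing is treated as "framed" (fail closed).
function isFramed(win) {
  try {
    return win.top !== win.self;
  } catch (e) {
    return true;
  }
}

// Reveals the page only when it is top-level. When framed, keeps the page
// hidden and attempts the same navigation as the simple frame buster.
// Returns "shown", "busted" or "hidden" so callers (and tests) can tell
// which path was taken.
function guardAgainstFraming(win) {
  const root = win.document.documentElement;
  if (!isFramed(win)) {
    root.style.display = ""; // undo the hide-by-default rule
    return "shown";
  }
  root.style.display = "none"; // stay hidden whatever happens next
  try {
    win.top.location.replace(win.self.location.href);
    return "busted";
  } catch (e) {
    // The browser refused the top-level navigation; the page stays hidden.
    return "hidden";
  }
}

// Run immediately when loaded in a browser.
if (typeof window !== "undefined") {
  guardAgainstFraming(window);
}
```

Browsers that support the `X-Frame-Options` or `Content-Security-Policy: frame-ancestors` response headers can enforce the same restriction without depending on script.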

As a user, there is something you can do as well to protect yourself. Run NoScript. Don’t confuse this with the HTML <noscript> tag. NoScript is a Firefox extension that lets you control which JavaScript is allowed to execute. It has a ClearClick feature that can detect potential clickjacking attempts. You will probably find NoScript really annoying to start with, but it can protect you from a lot more than clickjacking.

3 comments so far

Very interesting.. when you say website, does that include blogs?

KM
December 16th, 2008 at 22:17

Yeap, blogs included. As for the likelihood of one being attacked? I’m not sure of the statistics. If for no other reason, I don’t like seeing my webpages in someone else’s frame.

wired4destruction
December 17th, 2008 at 00:59

You’ve been awarded the Honest Scrap Award!

KM
December 21st, 2008 at 18:20
