Busting frame busting a study of clickjacking vulnerabilities on popular sites

Gustav Rydstedt; Elie Bursztein; Dan Boneh; Collin Jackson

Available Media

Publication (Pdf)

Slides

Conference

Web 2.0 Security and Privacy 2010

Authors

Gustav Rydstedt , Elie Bursztein , Dan Boneh , Collin Jackson

Citation

Web framing attacks such as clickjacking use iframes to hijack a user's web session. The most common defense, called frame busting, prevents a site from functioning when loaded inside a frame. We study frame busting practices for the Alexa Top-500 sites and show that all can be circumvented in one way or another. Some circumventions are browser-specific while others work across browsers. We conclude with recommendations for proper frame busting.

This large-scale study demonstrates, by surveying 17280 participants, that existing toxicity classifiers fail to generalize to the diverse concerns of Internet users.

We propose a comprehensive online hate and harassment taxonomy derived from analyzing over 150 interdisciplinary research papers that cover disparate threats ranging from intimate partner violence to coordinated mobs.

We analyze over 1.2 billion email-based phishing and malware attacks against Gmail users to understand which factors place a person at heightened risk of being targeted.