I have to say, this is definitely one of our better episodes. We’re joined this week by Robert “Rsnake” Hansen of SecTheory and Jeremiah Grossman of WhiteHat Security as they discuss their new clickjacking exploit. Robert and Jeremiah kind of stumbled onto a serious browser issue, the details of which started leaking before they really knew what they had. They responsibly decided to hold back the details as some of the worst parts of this are fixed, but were able to share some generalities, the story of how this all happened, and what you can expect when the details are finally exposed.
Before delving into clickjacking, we also spend some time on electronic voting and the top 10 ways to tell if you’ve been exploited (number 11 is if you’ve ever visited ha.ckers.org). Jeremiah and Robert are good friends, so there’s plenty of us having fun at each other’s expense.
Network Security Podcast, Episode 122. September 30, 2008
Show Notes:
- Open Source Electronic Voting
- Top 10 ways to know you’ve been exploited.
- Clickjacking, clickjacking, and more clickjacking.
- Tonight’s music: The Hollyfelds, Stars at Night
September 30th, 2008 at 4:51 pm
[...] You can download the episode here, and full show notes are at NetSecPodcast.com. [...]
October 2nd, 2008 at 4:49 am
This *was* one of the best podcasts to date… Great interview, good discussion.
Well done, guys. Look forward to the next ‘cast…
Speaking of the next episode: I’d be interested in y’all’s take on the new DSS. How much of a headache do you think Tier 1 merchants are going to have? (enlightened self-interest on my part, to be honest..) What about QSA to QSA differences in interpretation???
Cheers!
October 3rd, 2008 at 1:00 pm
[...] This week on the Network Security Podcast 123, guests Robert “Rsnake” Hansen of SecTheory and Jeremiah Grossman of WhiteHat Security as they [...]