I have to say, this is definitely one of our better episodes. We’re joined this week by Robert “Rsnake” Hansen of SecTheory and Jeremiah Grossman of WhiteHat Security as they discuss their new clickjacking exploit. Robert and Jeremiah kind of stumbled onto a serious browser issue, the details of which started leaking before they really knew what they had. They responsibly decided to hold back the details as some of the worst parts of this are fixed, but were able to share some generalities, the story of how this all happened, and what you can expect when the details are finally exposed.

Before delving into clickjacking, we also spend some time on electronic voting and the top 10 ways to tell if you’ve been exploited (number 11 is if you’ve ever visited ha.ckers.org). Jeremiah and Robert are good friends, so there’s plenty of us having fun at each others expense.

Network Security Podcast, Episode 122. September 30, 2008

Show Notes:

Posted by rmogull, filed under Uncategorized. Date: September 30, 2008, 4:42 pm | 4 Comments »

4 Responses

  1. “Clickjacking” The Network Security Podcast | securosis.com Says:

    [...] You can download the episode here, and full show notes are at NetSecPodcast.com. [...]

  2. Network Security Blog » Network Security Podcast, Episode 122 Says:

    [...] Show Notes [...]

  3. Martin Says:

    This *was* one of the best podcasts to date… Great interview, good discussion.

    Well done, guys. Look forward to the next ‘cast…

    Speaking of the next episode: I’d be interested on y’alls take on the new DSS. How much of a headache to you think Tier 1 merchants are going to have? (enlightened self-interest on my part, to be honest..) What about QSA to QSA differences in interpretation???


  4. Friday Summary | securosis.com Says:

    [...] This week on the Network Security Podcast 123, guests Robert “Rsnake” Hansen of SecTheory and Jeremiah Grossman of WhiteHat Security as they [...]

Leave a Comment

Your comment

You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.