http://simonwillison.net/2010-03-13T10:42:17+00:00Simon Willison2010-03-13T10:42:17+00:002010-03-13T10:42:17+00:00https://simonwillison.net/2010/Mar/13/facebook/#atom-tag

<p><strong><a href="http://theharmonyguy.com/2010/03/13/facebook-adds-code-for-clickjacking-prevention/?utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A theharmonyguy %28Social Hacking%29">Facebook Adds Code for Clickjacking Prevention</a></strong></p> Clever technique: Facebook pages check to see if they are being framed (using window.top) and, if they are, add a div covering the whole page which causes a top level reload should anything be clicked on. They also log framing attempts using an image bug. <p>Tags: <a href="https://simonwillison.net/tags/clickjacking">clickjacking</a>, <a href="https://simonwillison.net/tags/facebook">facebook</a>, <a href="https://simonwillison.net/tags/framing">framing</a>, <a href="https://simonwillison.net/tags/joey-tyson">joey-tyson</a>, <a href="https://simonwillison.net/tags/phishing">phishing</a>, <a href="https://simonwillison.net/tags/security">security</a></p>

2009-10-17T16:55:39+00:002009-10-17T16:55:39+00:00https://simonwillison.net/2009/Oct/17/framing/#atom-tag

<blockquote cite="http://www.schneier.com/blog/archives/2009/10/the_commercial.html"><p>Whenever you build a security system that relies on detection and identification, you invite the bad guys to subvert the system so it detects and identifies someone else. [...] Build a detection system, and the bad guys try to frame someone else. Build a detection system to detect framing, and the bad guys try to frame someone else framing someone else. Build a detection system to detect framing of framing, and well, there's no end, really.</p></blockquote> <p class="cite">&mdash; <a href="http://www.schneier.com/blog/archives/2009/10/the_commercial.html">Bruce Schneier</a></p> <p>Tags: <a href="https://simonwillison.net/tags/bruce-schneier">bruce-schneier</a>, <a href="https://simonwillison.net/tags/framing">framing</a>, <a href="https://simonwillison.net/tags/security">security</a></p>