By Matthew Broersma
Researchers have begun publishing details of a new type of attack called ‘clickjacking’, which can lead users to malicious websites by tricking them into clicking on unseen elements in a web browser.

Jeremiah Grossman, chief technology officer of White Hat Security, and SecTheory chief executive Robert Hansen, began publicly discussing their research into what they call clickjacking, following the public release of a proof-of-concept exploit by another researcher.

Clickjacking is a set of different techniques for disguising elements such as dialogue boxes and links, so that the user can be fooled into changing security settings or visiting malicious websites, Grossman and Hansen said.

While the concepts associated with clickjacking are not new, the two researchers said the specific vulnerabilities they discovered affect an unusually broad range of software, namely Adobe Flash Player along with widely used browsers such as Internet Explorer, Opera, Firefox and Safari.

You can read more about this at