"Clickjacking" is all over the news lately. For the uninitiated, it's a set of techniques discovered by Jeremiah Grossman and Robert Hansen that allows an attacker to transparently capture a user's clicks, forcing the user to do all manner of unpleasant things ranging from adjusting security settings to unwittingly visiting websites with malicious code.
The vectors for this attack include all the major browsers and Flash. In co-operation with Adobe, the discoverers delayed public discussion to allow a patch to be created. In the intervening time, other researchers have made partial disclosures, but this is your chance to join co-discoverer Jeremiah Grossman for a Black Hat webcast that deals with the attack from all sides. Bring your questions - we'll have a Q&A session after the presentation.
Jeremiah Grossman is the founder and CTO of WhiteHat Security. He is considered a world-renowned expert in Web security, is a co-founder of the Web Application Security Consortium, and was named to InfoWorld's Top 25 CTOs for 2007. Mr. Grossman is a frequent speaker at major industry events around the globe, a Black Hat veteran, and has been invited to present at a number of large universities. He has authored dozens of articles and white papers; is credited with the discovery of many cutting-edge attack and defensive techniques; and is a co-author of XSS Attacks. Mr. Grossman is frequently quoted in major media publications such as InfoWorld, USA Today, PCWorld, Dark Reading, SC Magazine, SecurityFocus, Cnet, CSO, and InformationWeek. Prior to WhiteHat he was an information security officer at Yahoo!
Eric Lawrence is a Security Program Manager on the Internet Explorer 8 team. He recently spoke at Hack in the Box 2008 and the O'Reilly Velocity Conference. Prior to his current role, Eric was responsible for networking and HTTPS improvements in IE7. Outside of Microsoft, Eric is best known as the developer of the Fiddler web debugging platform, used by security and web professionals worldwide.
WhiteHat Security is the leading provider of SaaS-based website security solutions. WhiteHat enables companies to secure valuable customer data from attack, attain compliance and safeguard brand integrity. WhiteHat Sentinel, the company’s flagship solution, combines WhiteHat’s proprietary vulnerability assessment technology with expert oversight to ensure total, worry-free website security.
Black Hat Webcasts
On the third Thursday of every month, Black Hat does a free infosec webcast. Meet security thought leaders and get your questions answered.
Can't make it to our live webcast events? Subscribe to the Black Hat Webcast RSS feed and take the webcasts with you in podcast form.