Lecture 24: User Interface (UI) Attacks
Note: Together, lectures 23 and 24 cover three topics (CSRF, Impersonation Attacks, UI Attacks). Each topic is about 30-35 minutes long.
How does clickjacking subvert the same-origin policy?
(True/false) If we enabled dialogue boxes asking for confirmation on every website, clickjacking attacks would never work.
(True/false) Clickjacking attacks can only happen when you are visiting an attacker’s website.
Defense: Ensuring Visual Integrity
Defense: Enforcing Temporal Integrity