Security Basics mailing list archives
Re: Eliminate iframes
From: Adolfo Abegg <adolfo.abegg () vendoservices com>
Date: Fri, 21 Jun 2013 16:53:57 +0200
Look, this is the way paypal does it (I just copied it from their front page source code) They have this in the <head> section <style type=3D"text/css" id=3D"antiClickjack"> body {display: none !important;} </style> <script type=3D"text/javascript"> if (self =3D=3D=3D top) { var antiClickjack =3D document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { top.location =3D self.location; } </script> and this after the <body> <noscript> <style type=3D"text/css">body{display:block !important;}</style> <p class=3D"nonjsAlert"> To access many of the new PayPal features, you'll need to turn on JavaScript and enable cookies. You can do this in your web browser's settings area.</p> </noscript> which gets interpreted only if javascript is disabled. HTH Adolfo Abegg Adolfo Abegg Engineering adolfo.abegg () vendoservices com www.vendoservices.com Mobile: +34627419815 Fax: +34933028355 Skype contact: adolfo.abegg.tc IMPORTANT: This email message is intended only for the use of the individual to whom, or entity to which, it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are NOT the intended recipient, you are hereby notified that any use, dissemination, distribution or copying of the communication is strictly prohibited. If you have received this communication in error, please notify me immediately. Thank you. On Fri, Jun 21, 2013 at 3:31 PM, Andre Silaghi <andre.silaghi () googlemail com> wrote:
hi community, I am curious about your way of getting rid of iframes within large - enterprise - networks. The problem is that a couple of websites are trying to infect you using drive-by downloads mostly via iframes within hijacked websites. The firewalls will not do it since it operates only in osi level 3 or 4 but not within the application level where iframes are usually transfered via http. Is there any solution you could propose? best regards, andré ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Eliminate iframes Andre Silaghi (Jun 21)
- Re: Eliminate iframes Adolfo Abegg (Jun 21)
- Message not available
- Re: Eliminate iframes Andre Silaghi (Jun 23)
- Message not available
- Re: Eliminate iframes Andre Silaghi (Jun 26)
- Re: Eliminate iframes Joshua Trabing (Jun 26)
- Re: Eliminate iframes Andre Silaghi (Jun 26)