Home page logo
/

basics logo Security Basics mailing list archives

Re: Eliminate iframes
From: Adolfo Abegg <adolfo.abegg () vendoservices com>
Date: Fri, 21 Jun 2013 16:53:57 +0200

Look, this is the way paypal does it (I just copied it from their front
page source code)

They have this in the <head> section
                <style type=3D"text/css" id=3D"antiClickjack">
   body {display: none !important;}
   </style>
  <script type=3D"text/javascript">
if (self =3D=3D=3D top) {
 var antiClickjack =3D document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
 } else {
top.location =3D self.location;
 }
</script>

and this after the <body>
<noscript>
    <style type=3D"text/css">body{display:block !important;}</style>
    <p class=3D"nonjsAlert">
    To access many of the new PayPal features, you'll need to turn on
JavaScript and enable cookies. You can do this in your web browser's
settings area.</p>
</noscript>
which gets interpreted only if javascript is disabled.


HTH



Adolfo Abegg


Adolfo Abegg
Engineering
adolfo.abegg () vendoservices com

www.vendoservices.com
Mobile: +34627419815
Fax: +34933028355
Skype contact: adolfo.abegg.tc

IMPORTANT: This email message is intended only for the use of the
individual to whom, or entity to which, it is addressed and may
contain information that is privileged, confidential and exempt from
disclosure under applicable law.  If you are NOT the intended
recipient, you are hereby notified that any use, dissemination,
distribution or copying of the communication is strictly prohibited.
If you have received this communication in error, please notify me
immediately. Thank you.


On Fri, Jun 21, 2013 at 3:31 PM, Andre Silaghi
<andre.silaghi () googlemail com> wrote:
hi community,

I am curious about your way of getting rid of iframes within large -
enterprise - networks. The problem is that a couple of websites are
trying to infect you using drive-by downloads mostly via iframes
within hijacked websites. The firewalls will not do it since it
operates only in osi level 3 or 4 but not within the application level
where iframes are usually transfered via http.

Is there any solution you could propose?

best regards,
andré

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault