Microsoft's IE8 RC1 Adds "ClickJacking" Protection

[mkrishnan]

http://www.pcworld.com/article/158355/microsoft_adds_clickjacking_protection_to_ie8_rc1.html

Clickjacking lets hackers put a transparent filter on sites so they can view what information a user is accessing and what activities that user is doing, said James Pratt, an IE senior product manager at Microsoft. For example, if someone is on a bank Web site, attackers can use clickjacking to see the user's bank information and acquire passwords, and the user will not know the information is being viewed remotely, he said.

The security feature that thwarts clickjacking in IE8 RC1 allows Web-site content owners to put a tag in a page header that will help detect and prevent clickjacking. If a site that uses the IE8 tag detects clickjacking, it will give Web users an error screen letting them know that the content host has chosen not to allow that content, and gives them the option to open the content in a new window that is protected from the attack.

Sounds like a good addition, although the metadata in the header of the HTML page needs to be modified to make it work. It seems like it might be good to have a more active sensing form of this, that does not require such a modification.