nullcon Delhi 2012: Day 2's action


ClickedIn: Clickjacking in LinkedIn

As part of the Desi Jugaad section, Jovin Lobo demonstrates how the "Remove Connections" section of LinkedIn is vulnerable to clickjacking. He explains how an attacker can perform a UI redress attack against this vulnerability by designing innocuous-seeming webpages and tricking a logged-in user into removing some of his/her existing connections.

Executive brief for this session (PDF)
