Clickjacking 2017

Date of prediction: 2009-06-03

»The future: Long standing Web application security scourges such as SQL Injection (SQLi), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) are finally under control. Remaining buffer overflow issues are considered fossilized evidence of a prior era. Cyber criminals out of necessity have evolved their attack portfolios to include Clickjacking as a preferred method for tricking their victims into propagating malware, defrauding themselves, and initiating other forms of malicious acts. Clickjacking, a long-known and fundamental design problem in the way the Web works, had not until 2017 garnered the respect necessary to be taken seriously. Now with significant damage increasing and losses mounting, the issue has forced website owners and browser developers to scramble for solutions to a problem nearly a decade in the making. Or so the story may go should history repeat itself.«

(Jeremiah Grossman: Clickjacking 2017)


Meta: Jack’s Pandering Pentagram of Prognostication

Making predictions is a common exercise in the security industry and elsewhere. If you want to participate but feel unsure how to make effective predictions, the Pandering Pentagram of Prognostication is the tool you have been waiting for:

»The five points of the pentagram represent the key elements of “good” predictions; get them all and your prediction will land in the center of the pentagram, assuring a center brain shot to your victim. I mean reader. Whatever.«


P.S.: The New School also seems tired of flaky predictions.

2010 Web Application Security Predictions

Date of prediction: 2010-01-18

Ryan Barnett predicted for 2010:

  • Web-based Worms Will Migrate Off Social Networking Sites
  • Planting of Malware Will Become a Top Concern
  • Attacks Against Web-based Critical Infrastructure Components
  • HTTP Denial of Service Attacks Will Take Down Important Sites

Conficker status check

Date of prediction: 2009-04-23

Conficker, the computer worm, will continue to be mentioned in the media. It will continue to do little actual damage, though. No spectacular large-scale attack will be carried out using the Conficker botnet.

(This prediction is backed by some research of others on Conficker.)