API's that Suck

March 29, 2010

Security, Superstitions, and Stackoverflow

Filed under: Uncategorized — Grauenwolf @ 2:37 pm

Today I needed to translate a Stackoverflow post. Most translators, including Google and Bing, use frames, which Stackoverflow doesn’t like. So I wrote to them to inform them of the problem.

This was their response:

Hello,

That’s present to prevent malicious framing, see:

http://www.codinghorror.com/blog/2009/06/we-done-been-framed.html

http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed

 

The first link has this conclusion:

Yes, Digg frames ethically, so your frame-busting of the DiggBar will appear to work. But if the framing site is evil, good luck. When faced with a determined, skilled adversary that wants to frame your content, all bets are off. I don’t think it’s possible to escape. So consider this a wakeup call: you should build clickjacking countermeasures as if your website could be framed at any time.

The second link includes step-by-step instructions to counter “frame-busting” code.

So basically their stance is that frame-busting code is worthless, but they are going to use it anyways. Am I missing something or have they completely lost their mind?
