Microsoft Weighs In on Clickjacking

Microsoft sure doesn't seem too worried about clickjacking. Should it be? Should you be? With all the recent buzz about clickjacking, a blog post is long overdue. So this afternoon I contacted Microsoft's PR agency with the simplest softball question and some opportunity to promote Internet Explorer 8 security.

My, but did I get an unexpected response. My question: "Is there anything new in IE 8 that helps thwart or even prevents clickjacking? If so, can you put me on the phone with somebody to discuss the topic?"

Instead, I got a general statement attributed to Bill Sisk, Microsoft's security response communications manager: "Microsoft is investigating new public claims of a possible vulnerability in Internet browsers and is in dialogue with the researcher. We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact." Public claims? I dunno. US-CERT issued a warning on Sept. 26 about clickjacking based on Adobe Flash proof of concepts. "Public" is right. "Claims," maybe not.