[Ads-l] Six-day antedating of "clickjacking"

Hugo hugovk at GMAIL.COM
Tue Sep 13 14:59:39 EDT 2016


Added in this quarter's update, the OED's first quotation for "clickjacking" is:

---
2008   Network World (Nexis) 18 Sept.   Two security researchers..were
going to demonstrate how they could seize control of a victim's
browser using an online attack called ‘clickjacking’.
---

It looks like those two researchers, Jeremiah Grossman and Robert
"RSnake" Hansen, came up with the term as part of the title of a talk
they were to deliver at a conference.

The title changed a few times; the first with "clickjacking" was 12
September 2008:

---
"New 0-Day Browser Exploits Clickjacking - yea, this is bad..."
---

https://www.owasp.org/index.php?title=OWASP_NYC_AppSec_2008_Conference&oldid=39531

Here's the diff showing it was first added then:

https://www.owasp.org/index.php?title=OWASP_NYC_AppSec_2008_Conference&diff=prev&oldid=39531

Here's a paper titled "Clickjacking" by both researchers, dated 12
September 2008:

---
Clickjacking, however, evades the need for this cross domain reading,
and instead directly places the mouse over the target area to click on
the link or form that contains the nonce - thereby bypassing the need
for client side cross domain read exploitation.
---

http://www.sectheory.com/clickjacking.htm

The authors used it in an email to the organiser and on their blogs on
15th September 2008:

http://alanzeichick.com/2008/09/possible-clickjacking-security-flaws-in.html
http://blog.jeremiahgrossman.com/2008/09/cancelled-clickjacking-owasp-appsec.html
https://web.archive.org/web/20080918071053/http://ha.ckers.org/blog/20080915/clickjacking/

Hugo

------------------------------------------------------------
The American Dialect Society - http://www.americandialect.org


More information about the Ads-l mailing list