[Ads-l] Six-day antedating of "clickjacking"

Hugo hugovk at GMAIL.COM
Tue Sep 13 14:59:39 EDT 2016

Added in this quarter's update, the OED's first quotation for "clickjacking" is:

2008   Network World (Nexis) 18 Sept.   Two security researchers..were
going to demonstrate how they could seize control of a victim's
browser using an online attack called ‘clickjacking’.

It looks like those two researchers, Jeremiah Grossman and Robert
"RSnake" Hansen, came up with the term as part of the title of a talk
they were to deliver at a conference.

The title changed a few times; the first with "clickjacking" was 12
September 2008:

"New 0-Day Browser Exploits Clickjacking - yea, this is bad..."


Here's the diff showing it was first added then:


Here's a paper titled "Clickjacking" by both researchers, dated 12
September 2008:

Clickjacking, however, evades the need for this cross domain reading,
and instead directly places the mouse over the target area to click on
the link or form that contains the nonce - thereby bypassing the need
for client side cross domain read exploitation.


The authors used it in an email to the organiser and on their blogs on
15th September 2008:



The American Dialect Society - http://www.americandialect.org

More information about the Ads-l mailing list