[Ads-l] Six-day antedating of "clickjacking"
Hugo
hugovk at GMAIL.COM
Tue Sep 13 18:59:39 UTC 2016
Added in this quarter's update, the OED's first quotation for "clickjacking" is:
---
2008 Network World (Nexis) 18 Sept. Two security researchers..were
going to demonstrate how they could seize control of a victim's
browser using an online attack called ‘clickjacking’.
---
It looks like those two researchers, Jeremiah Grossman and Robert
"RSnake" Hansen, came up with the term as part of the title of a talk
they were to deliver at a conference.
The title changed a few times; the first with "clickjacking" was 12
September 2008:
---
"New 0-Day Browser Exploits Clickjacking - yea, this is bad..."
---
https://www.owasp.org/index.php?title=OWASP_NYC_AppSec_2008_Conference&oldid=39531
Here's the diff showing it was first added then:
https://www.owasp.org/index.php?title=OWASP_NYC_AppSec_2008_Conference&diff=prev&oldid=39531
Here's a paper titled "Clickjacking" by both researchers, dated 12
September 2008:
---
Clickjacking, however, evades the need for this cross domain reading,
and instead directly places the mouse over the target area to click on
the link or form that contains the nonce - thereby bypassing the need
for client side cross domain read exploitation.
---
http://www.sectheory.com/clickjacking.htm
The authors used it in an email to the organiser and on their blogs on
15th September 2008:
http://alanzeichick.com/2008/09/possible-clickjacking-security-flaws-in.html
http://blog.jeremiahgrossman.com/2008/09/cancelled-clickjacking-owasp-appsec.html
https://web.archive.org/web/20080918071053/http://ha.ckers.org/blog/20080915/clickjacking/
Hugo
------------------------------------------------------------
The American Dialect Society - http://www.americandialect.org
More information about the Ads-l
mailing list