How to Prevent Cross Frame Scripting

Posted by AALIYAH on March 2nd, 2017

If you are looking to increase your security then you will need to be aware of something called cross frame scripting. Cross frame scripting is a way that hackers are able to attack and steal data by combining an iframe with a malicious JavaScript. The success of the attack is usually dependant when it is used with social engineering. An example of cross frame scripting is when someone who is attacking is able to convince a site user to go to a site that is controlled by the attacker, rather than the page they wanted to get to. Once that website has been accessed, malicious software is able to download onto your computer and then copy your keystrokes. This could enable them to access your account by stealing your password and user credentials without your knowledge.

A commonplace browser security model will allow the JavaScript that has been loaded from one page to be able to access other pages, which are usually loaded in a different browser or frame, so long as they have been accessed via the original server or domain. Bugs within the model are usually taken from specific browsers which allows the attacker to get information that has been loaded from a different server. Keyboard events being recorded by the hacker will be leaked across the HTML framesets. As you type in your credentials, thinking that you are using a legitimate site, your login details can be recorded and used at a later date and compromising security.

In order to exploit the bug which gives the events from the keyboard to the attacker they can create a page that mimics the original. The borders of the frame will be hidden and expanded so that the user will assume they are using a site that is safe. The attacker will then register the JavaScript on the main page and receive notification of every single key you press. This, as you can imagine, is frustrating and most people do not realise that they have been subject to their information and actions being recorded as everything looks as normal.

The two most common ways to prevent cross frame scripting are to ensure the X-Frame Options are instructed not to allow any framing from any domain other than the original. The second is to ensure that the current frame consistently keeps the top level by using a defensive code.

Common methods used include sites that have extra links instructing the user to click a link for a free gift or service. Unfortunately, the page will load an iframe and if they try to delete messages, for example noticing something is not quite right, this is the link that contains the malicious site where you while assume you have got rid of the problem. The Adobe Flash settings are a good example of where you may get a pop up asking you to update or make changes to your settings. This could allow the attacker to get permission to use your flash animation which is capable of using your microphone and camera. Even social networking sites have suffered at the hands of cross frame scripting by causing users to repost a malicious location. This can escalate the problem for numerous users which is why it is so important to have security in place.


Also See: Frame Scripting, Cross Frame, User Credentials, Prevent Cross, Frame, Scripting, Cross

Tattoo Design Gallery | Miami Ink Tattoo Designs
Search over 30,000+ beautiful tattoo designs in over 60 categories on any device! A tattoo lasts forever. Find your next tattoo design here!
Classical Guitar Sheet Music
Original classical guitar compositions by Richard Miles Jackman, Tarrega. Classical guitar transcriptions of Debussy, Albeniz.
Learn to Play the Violin or Fiddle
Music is too precious and too important to limit access to it! Our mission is to bring the joy of music to as many people as possible, regardless of location, vocation, background, culture, or ability.
Become a Musical Mindreader!
By reading this ebook, in one hour or so, you can learn how to be a prophet - see into the future - and tell all these things about almost any song.
Audio Video Wholesaler
Your Direct Source For Multimedia Products, Audio, Music, Video Courses Products at Wholesale Prices
How to Read Ledger Line Notes
How you can read ledger line notes - easily and quickly. Multimedia ebook with proven memory aids for reading any ledger note on the piano. Free bonus ebook on playing music scales.
Quality Office Furniture USA Shipped Direct - Madison Liquidators
Nationwide vendor of quality office furnishings including Desks, Office Chairs, Conference Tables, Cubicles and more!

Pastel Painting Secrets
Learn How To Start Using Pastels Easily - Guaranteed!

N1 Top Internet Acoustic Blues Guitar Instructor
These 37 complete lessons encapsulate everything learned from playing as a professional blues player over the past 40 years, and contain everything you need learn to play old style blues guitar in exactly the same way.

Advertise Here