Microsoft sure doesn't seem too worried about clickjacking. Should it be? Should you be? With all the recent buzz about clickjacking, a blog post is long overdue. So this afternoon I contacted Microsoft's PR agency with the simplest softball question—and some opportunity to promote Internet Explorer 8 security. My, but did I get an unexpected response.
My question: "Is there anything new in IE 8 that helps thwart or even prevents clickjacking? If so, can you put me on the phone with somebody to discuss the topic?" Instead, I got a general statement attributed to Bill Sisk, Microsoft's security response communications manager: "Microsoft is investigating new public claims of a possible vulnerability in Internet browsers and is in dialogue with the researcher. We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."