Last Updated: 2013-11-11 01:43:11 UTC
by Johannes Ullrich (Version: 1)
You may have noticed that the "ad" frame we use in the top right corner has been empty for the last couple days. Oddly, we didn't get a lot of complaints about that ;-)
The reason is pretty simple: The SANS ads are included via an iframe. However, iframes, as Smit B. Shah pointed out in an e-mail to the SANS webmaster, can also be used in clickjacking attacks. So we decided to implement a simple anti-clickjacking defense by adding the "X-Frame-Options: SAMEORIGIN" header to all sans.org pages. Of course, "isc.sans.edu" is not "sameorigin" and the ads no longer show up if your browser supports the header.