Recently I’ve come across a new PCI compliance failure “Web Application Potentially Vulnerable to Clickjacking”.
What is Clickjacking?
Clickjacking uses iframes to place a transparent layer over a website, which lets an attacker hijack the clicks and keystrokes the user enters. It is also known as a “UI redress attack” because it changes the user's interface.
I had a bit of a worrying time last week when a colleague upgraded an old (but live) Dell PowerEdge R310 server running Hyper-V with some new RAM.
He powered down the old server, upgraded the RAM and booted the server back up.
A few minutes later he was looking at the screen loading Windows, when it failed. He put the DVD in and tried to repair Windows, but when he got to the System Recovery window it didn’t show any installations of Windows.
He then looked to restore from backup to another server to get the Hyper-V clients running while we fix this server.
Yes, you know what’s coming here: the latest backup we had was over a year old. Our client had not swapped out the drives for that length of time and something had corrupted the one drive that was plugged in. Windows Backup was reporting successful backups, but when you try to restore, you cannot see any dates to select from. An investigation for another day, I think!