Simon Willison’s Weblog

12th February 2009 - Link Blog

Twitter Don't Click Exploit. Someone ran a successful ClickJacking exploit against Twitter users, using a transparent iframe holding the Twitter homepage with a status message fed in by a query string parameter. Thiss will definitely help raise awareness of ClickJacking! Twitter has now added framebusting JavaScript to prevent the exploit.

Posted 12th February 2009 at 7:56 pm

Recent articles

Meta's new model is Muse Spark, and meta.ai chat has some interesting tools - 8th April 2026
Anthropic's Project Glasswing - restricting Claude Mythos to security researchers - sounds necessary to me - 7th April 2026
The Axios supply chain attack used individually targeted social engineering - 3rd April 2026

This is a link post by Simon Willison, posted on 12th February 2009.

chris-shiflett 6 clickjacking 11 framebusting 6 javascript 750 security 595 twitter 161

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe