That's my thinking; it seems like it'd be most relevant in a targeted attack. Presumably there aren't so many patterns of usernames that you'd run out of chances to get one.
It's clever! I don't want to take anything away from it, except that I think it's been written up somewhat breathlessly.
Grossman probably has a good point that most applications aren't even superficially protected against clickjacking, and so this isn't going to be a common attack any time soon.