LeKanaw
Member
Bonjour Everybody :*)
A new type of attack has been discovered called ClickJacking.
To know more
• Read the CNet article.
• Here a more detailed article about all this.
• There is a demonstration of the attack [even though I must say I didn't quite get what they were trying to show ...] on YouTube
• And for those of us ridding The Fox, look into your NoScript settings, under the "Plug-Ins" tab.
Hope this helps
my_name_is_brad
Member
you and I must be on the same page....i came across the same article today.
Basically 'clickjacking" is nothing new. It's just a new way to go about it. basically what is happening more often than not is just people using javascript to override default actions.
It is very easy to dupe button clicks. in JavaScript each action a user takes gets an event attached to it. Now with a hidden frame, or in some cases a flash or java applet, you can overide the default events.
For example, clicking a link raises an onClick, and onUnload event in many browsers. Now it is quite simple to override those events, and there are legit reasons to do so. Visit most government sites and you will be presented with a page that says you are leaving the site if you click a link to an external site.
a few rules of thumb
1) always check the links that may require sign in
2) never follow any link that asks you for ANY personal info....even if it's on the next page
3) set your web cam settings to not be activated by flash (fairly minor risk, but can happen)
4) probably most important.....ALWAYS ALWAYS ALWAYS shut down and restart your browser before accessing ANY banking info.
5) just be smart. If it looks odd assume it is
Anonymous
Unregistered
http://www.adobe.com/support/security/advisories/apsa08-08.html
Flash Player workaround available for "Clickjacking" issue
To prevent this potential issue, customers can change their Flash Player settings
You must log in to post.
