Security researchers warn of new 'clickjacking' browser bugs in Security http://www.dslreports.com/forum/r21175031 en Fri, 04 Dec 2009 02:15:33 EDT Fri, 04 Dec 2009 02:15:33 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21237566 NanDog : This even made Yahoo's front page today: »news.yahoo.com/s/nf/20081008/bs_nf/62355
--
See ya across the Rainbow Bridge, my good and faithful friend!]]> http://www.dslreports.com/forum/remark,21237566 Wed, 08 Oct 2008 21:54:02 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21235854 Dude111 : I saw a demo of this and it just looks like an overlay of a page and the browsers unablity to seperate the 2 pages allows the exploit.....

Demo > »www.youtube.com/v/gxyLbpldmuU]]> http://www.dslreports.com/forum/remark,21235854 Wed, 08 Oct 2008 16:26:08 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21235562 nwrickert : Interesting. Thanks.

For some time, now, I have been using multiple firefox profiles. Banking, router configuration, etc, uses one profile. Ordinary browsing uses another. This separation should greatly reduce the risk from all kinds of cross site vulnerabilities.

So, sure, a clever cross site attack might change my dslr profile, but it could not change my router configuration nor could it do something with my bank account.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.3]]> http://www.dslreports.com/forum/remark,21235562 Wed, 08 Oct 2008 15:32:47 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21234959 SUMware : Firefox users can avail themselves of NoScript: »NoScript Fights Clickjacking]]> http://www.dslreports.com/forum/remark,21234959 Wed, 08 Oct 2008 13:41:51 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21234369 swhx7 : Details are public now. »ha.ckers.org/blog/20081007/click···details/

More: »securosis.com/2008/10/07/clickja···-advice/]]> http://www.dslreports.com/forum/remark,21234369 Wed, 08 Oct 2008 11:57:57 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21196355 Dude111 : Just as i thought this is nothing........ (Only people that dont know what they are doing might be affected)]]> http://www.dslreports.com/forum/remark,21196355 Wed, 01 Oct 2008 00:55:50 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21194914 mysec : n/m]]> http://www.dslreports.com/forum/remark,21194914 Tue, 30 Sep 2008 20:25:51 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21194525 ravencajun : Oleg, glad that you've started a dedicated thread for this.

times 2!
I was going to start one a few days ago then found the other threads mentioned.
These were some of the other articles recently, might as well put them all in one spot.
Clickjacking: Researchers raise alert for scary new cross-browser exploit
Firefox + NoScript vs Clickjacking
Adobe Flash ads launching clipboard hijack attack
copy and paste from the ubuntu forums.

It is definitely a topic that needs attention.
Some of the scenarios that have been mentioned are pretty scary.
Hopefully something constructive will come out of the discussions and a fix is on the horizon.]]> http://www.dslreports.com/forum/remark,21194525 Tue, 30 Sep 2008 19:14:17 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21191866 JohnInSJ :
said by redwolfe_98 See Profile :

i don't see how this "click-jacking" issue could be much of a problem..
I guess it depends on if you hang out at compromised sites, while having important authenticated content open in another window at the same time, while madly clicking on everything you can (or maybe cannot) see.]]> http://www.dslreports.com/forum/remark,21191866 Tue, 30 Sep 2008 11:45:44 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21180501 redwolfe_98 : i don't see how this "click-jacking" issue could be much of a problem..]]> http://www.dslreports.com/forum/remark,21180501 Sun, 28 Sep 2008 00:29:03 EDT Re: Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21175142 SUMware : This is an extremely serious and difficult vulnerability.

Doctor Four and I posted important information about this in a different thread: »Re: Malvertisement on MSNBC.com using clipboard (copy/paste) . Please read it.

Giorgio Maone, the creator of NoScript, "had access to detailed information about how this attack works". He said "I was told that it's indeed "very, freaking scary" and "near impossible" to fix properly."

swhx7 added this:
said by swhx7 See Profile :

The discoverers have been vague about just what the "clickjacking" involves. The reason of course is the same as in the recent Kaminsky/DNS thing, to give vendors time to patch. This has led to some anxiety about how site maintainers and surfers can be safe.

In looking around however, I found a clear explanation of at least one implementation of it: »lists.whatwg.org/pipermail/whatw···284.html

The above is already out there, so I'm not making it any worse by linking.

I favor Zalewski's #4, because it puts the user most in control.
Oleg, glad that you've started a dedicated thread for this.]]> http://www.dslreports.com/forum/remark,21175142 Fri, 26 Sep 2008 19:51:40 EDT Security researchers warn of new 'clickjacking' browser bugs http://www.dslreports.com/forum/remark,21175031 Oleg : September 26, 2008 (Computerworld) Security researchers warned today that a new class of vulnerabilities dubbed "clickjacking" puts users of every major browser at risk from attack.

Read more »www.computerworld.com/action/art···M&nlid=8]]> http://www.dslreports.com/forum/remark,21175031 Fri, 26 Sep 2008 19:28:27 EDT