republican-creole
site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security > Security researchers warn of new 'clickjacking' browser bugs

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
AuthorAll Replies

SUMware
Premium
join:2002-05-21
kudos:2
1 edit

reply to Oleg

Re: Security researchers warn of new 'clickjacking' browser bugs

This is an extremely serious and difficult vulnerability.

Doctor Four and I posted important information about this in a different thread: »Re: Malvertisement on MSNBC.com using clipboard (copy/paste) . Please read it.

Giorgio Maone, the creator of NoScript, "had access to detailed information about how this attack works". He said "I was told that it's indeed "very, freaking scary" and "near impossible" to fix properly."

swhx7 added this:
said by swhx7:

The discoverers have been vague about just what the "clickjacking" involves. The reason of course is the same as in the recent Kaminsky/DNS thing, to give vendors time to patch. This has led to some anxiety about how site maintainers and surfers can be safe.

In looking around however, I found a clear explanation of at least one implementation of it: »lists.whatwg.org/pipermail/whatw···284.html

The above is already out there, so I'm not making it any worse by linking.

I favor Zalewski's #4, because it puts the user most in control.
Oleg, glad that you've started a dedicated thread for this.
to forum · permalink · 2008-09-26 19:51:40 ·


ravencajun
Premium
join:2004-08-12
Houston, TX
kudos:2

Oleg, glad that you've started a dedicated thread for this.

times 2!
I was going to start one a few days ago then found the other threads mentioned.
These were some of the other articles recently, might as well put them all in one spot.
Clickjacking: Researchers raise alert for scary new cross-browser exploit
Firefox + NoScript vs Clickjacking
Adobe Flash ads launching clipboard hijack attack
copy and paste from the ubuntu forums.

It is definitely a topic that needs attention.
Some of the scenarios that have been mentioned are pretty scary.
Hopefully something constructive will come out of the discussions and a fix is on the horizon.

to forum · permalink · 2008-09-30 19:14:17 ·

mysec
Premium
join:2005-11-29
kudos:4
3 edits

n/m

to forum · permalink · 2008-09-30 20:25:51 ·
Forums > Broadband Tech > Security > Security

Monday, 13-Feb 03:27:37 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online! © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics