
SUMware
Premium
join:2002-05-21


1 edit
reply to Oleg
Re: Security researchers warn of new 'clickjacking' browser bugs

This is an extremely serious and difficult vulnerability.

Doctor Four and I posted important information about this in a different thread: "Re: Malvertisement on MSNBC.com using clipboard (copy/paste)". Please read it.

Giorgio Maone, the creator of NoScript, "had access to detailed information about how this attack works". He said, "I was told that it's indeed 'very, freaking scary' and 'near impossible' to fix properly."

swhx7 added this:
said by swhx7:

The discoverers have been vague about just what the "clickjacking" involves. The reason of course is the same as in the recent Kaminsky/DNS thing, to give vendors time to patch. This has led to some anxiety about how site maintainers and surfers can be safe.

In looking around however, I found a clear explanation of at least one implementation of it: »lists.whatwg.org/pipermail/whatw···284.html

The above is already out there, so I'm not making it any worse by linking.

I favor Zalewski's #4, because it puts the user most in control.
Oleg, glad that you've started a dedicated thread for this.


ravencajun
Premium
join:2004-08-12
Houston, TX

Oleg, glad that you've started a dedicated thread for this.

times 2!
I was going to start one a few days ago then found the other threads mentioned.
These were some of the other articles recently, might as well put them all in one spot.
Clickjacking: Researchers raise alert for scary new cross-browser exploit
Firefox + NoScript vs Clickjacking
Adobe Flash ads launching clipboard hijack attack
copy and paste from the ubuntu forums.

It is definitely a topic that needs attention.
Some of the scenarios that have been mentioned are pretty scary.
Hopefully something constructive will come out of the discussions and a fix is on the horizon.

mysec
Premium
join:2005-11-29

3 edits
n/m
-
over 10 years online! © 1999-2009 dslreports.com.