Clickjacking Intro

ClickJacking is a relatively old vulnerability that has been around since 2002, but it was recently brought back to life by Robert Hansen and Jeremiah Grossman, who provided new exploitation techniques and proofs of concept that made it the most discussed topic in the web application security industry. The exploit works through hidden, overlapping iframes generated with CSS or JavaScript that trick the user into clicking buttons and links he would not otherwise click. A particular vulnerability exists in Adobe's Flash software, which allows a malicious attacker to use ClickJacking to gain access to the user's webcam and microphone. This, as theorized by the two researchers, can create a full-fledged attack tool for corporate or government espionage.

Setting aside the fear, uncertainty and doubt used to promote this new research, it has been taken seriously both by Adobe, which released a patch to solve the issue, and by the browser vendors, who are still designing their fix but are rushing to release it. For now, until something official ships from the browser vendors, the only protection available to end users is the latest version of the NoScript add-on for Firefox, which includes the ClearClick feature. In the words of NoScript's author: "whenever you click or otherwise interact, through your mouse or your keyboard, with an embedded element which is partially obstructed, transparent or otherwise disguised, NoScript prevents the interaction from completing and reveals the real thing to you in 'clear'".
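The ClearClick idea quoted above, as an added example that is neither part of the original post nor NoScript's own code: a simplified hit-test over a constructed set of page layers that flags a click on an embedded element which is transparent or partially covered by something stacked above it. The layer model (rectangle, `z`, `opacity`, `pointerEvents`, `embedded` flag) and the 0.9 visibility threshold are assumptions made for the example.

```javascript
// Constructed model of a page: each layer is an axis-aligned rectangle in page
// pixels with a stacking order (z), an opacity, an optional pointer-events value
// and a flag saying whether it is an embedded element (an iframe, plugin, ...).
const VISIBLE_OPACITY = 0.9; // assumed threshold: below this the element is "disguised"

function contains(layer, x, y) {
  return x >= layer.x && x < layer.x + layer.w && y >= layer.y && y < layer.y + layer.h;
}

// Hit-test: the element that really receives a click at (x, y) is the highest-z
// layer under that point that has not opted out with pointer-events: none.
function clickTarget(layers, x, y) {
  return layers
    .filter(l => l.pointerEvents !== 'none' && contains(l, x, y))
    .reduce((top, l) => (top === null || l.z > top.z ? l : top), null);
}

// Fraction of the target's area hidden behind visible layers stacked above it,
// estimated by sampling a grid of points over the target rectangle.
function coveredFraction(layers, target, step = 4) {
  const above = layers.filter(l => l.z > target.z && l.opacity > 0);
  let covered = 0, total = 0;
  for (let y = target.y; y < target.y + target.h; y += step) {
    for (let x = target.x; x < target.x + target.w; x += step) {
      total++;
      if (above.some(l => contains(l, x, y))) covered++;
    }
  }
  return total ? covered / total : 0;
}

// ClearClick-style decision: block the interaction when the element that would
// receive it is embedded and either too transparent to be seen or (partly)
// obstructed by other content, so the user cannot know what he is clicking on.
function inspectClick(layers, x, y) {
  const target = clickTarget(layers, x, y);
  if (!target || !target.embedded) return { blocked: false, target, reason: 'not an embedded element' };
  if (target.opacity < VISIBLE_OPACITY) return { blocked: true, target, reason: 'transparent' };
  const fraction = coveredFraction(layers, target);
  if (fraction > 0) return { blocked: true, target, reason: 'obstructed', fraction };
  return { blocked: false, target, reason: 'visible' };
}

// Constructed scene: a decoy page with an almost invisible iframe floated over it.
const decoyPage = { name: 'decoy page', x: 0, y: 0, w: 800, h: 600, z: 0, opacity: 1, embedded: false };
const hiddenFrame = { name: 'victim iframe', x: 300, y: 200, w: 120, h: 40, z: 2, opacity: 0.01, embedded: true };
```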
