[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

Nicotine and Fish

Genocide Summer Camp, And Other Notes From The Edge Of The Narrative Matrix

This Can Create Endless Green Energy WITHOUT Electricity

Geoengineering: Who’s Behind It and How We Stop It

Pam Bondi Ordered Prosecution of Dr. Kirk Moore After Refusing to Dismiss Case

California woman bombarded with Amazon packages for over a year

CVS ordered to pay $949 MILLION in Medicaid fraud case.

Starmer has signed up to the UNs agreement to raise taxes in the UK

Magic mushrooms may hold the secret to longevity: Psilocybin extends lifespan by 57% in groundbreaking study

Cops favorite AI tool automatically deletes evidence of when AI was used

Leftist Anti ICE Extremist OPENS FIRE On Cops, $50,000 REWARD For Shooter

With great power comes no accountability.

Auto loan debt hits $1.63T. 20% of buyers now pay $1,000+ monthly. Texas delinquency hits 7.92%.

Quotable Quotes from the Chosenites

Tokara Islands NOW crashing into the Ocean ! Mysterious Swarm continues with OVER 1700 Quakes !

Why Austria Is Suddenly Declaring War on Immigration

Rep. Greene Wants To Remove $500 Million in Military Aid for Nuclear-Armed Israel From NDAA

Netanyahu Lays Groundwork for Additional Strikes on Iran: 'We Didn't Deal With The Enriched Uranium'

Sweden Cracks Down On OnlyFans - Will U.S. Follow Suit?

Joe Rogan CALLS OUT Israel's Media CONTROL

Communist Billionaire Accused Of Funding Anti-ICE Riots Mysteriously Vanishes

6 Factors That Describe China's Current State

Trump Thteatens to Bomb Moscow and Beijing

Little Bitty

Vertiv Drops After Amazon Unveils In-House Liquid Cooling System, Marking Pivot To Liquid

17 Out-Of-Place Artifacts That Suggest High-Tech Civilizations Existed Thousands (Or Millions) Of Years Ago

Hamas Still Killing IDF Soldiers After 642 Days

Copper underpins every part of the economy. If you want to destroy the U.S. economy this is how you would do it.

Egyptian Pres. Gamal Abdel Nassers Chilling Decades-Old Prediction About Israel-Palstine Conflict.

Debt jumps $366B in one day.


Science/Tech
See other Science/Tech Articles

Title: New clickjacking affects all browsers; cause remains unknown
Source: ArsTechnica
URL Source: http://arstechnica.com/news.ars/pos ... ers-cause-remains-unknown.html
Published: Sep 26, 2008
Author: Joel Hruska
Post Date: 2008-09-26 15:43:22 by a vast rightwing conspirator
Keywords: None
Views: 323
Comments: 10

New clickjacking affects all browsers; cause remains unknown
By Joel Hruska | Published: September 26, 2008 - 01:41PM CT

Jeremiah Grossman and Robert "Rsnake" Hansen initially planned to reveal details on a new browser-agnostic clickjacking exploit at the Open Web Application Security Project (OWASP) in New York City this week, but voluntarily pulled the presentation after discovering that the 0-day flaw affected an Adobe product. The term "clickjacking" refers to a process by which a user is forced to click on a link without his or her knowledge—the link itself may be nearly invisible or visible for only a fraction of a second.

Clickjacking isn't a new attack vector, but according to Grossman and Hansen, it's one that is "severely underappreciated and largely undefended." What makes the attack noteworthy, in this case, is that it appears to be completely browser-agnostic, and affects both Firefox 2 and 3, all versions of IE (including 8), and presumably all versions of Opera, Konquerer, Safari, and whatever other extremely marginalized and/or FailCat type of browser one might use to surf the web. The only browsers currently immune to whatever it is the two men discovered are text-based products, such as Lynx.

In this case, "whatever it is," actually is the only appropriate label for this new attack method; Grossman and Hansen have released virtually no information on how one would actually exploit the vulnerability. Grossman and his teammate appear to have held off publishing after Adobe requested they do so, rather than as a favor to the browser market. In his blog, Grossman writes: "At the time, we believed our discoveries were more in line with generic Web browsers behavior, not traditional “exploits,” and that guarding against clickjacking was largely the browser vendors' responsibility."

Yeah, it's kinda like that Grossman and Hansen have, however, released a bit of information on what won't protect a user from the exploit. Turning Javascript off is apparently useless— the attack doesn't use it. Instead, it takes advantage of what the two call a "fundamental flaw" inherent to all modern browsers, and an issue that cannot be fixed with a quick patch. Using a frame buster script will protect a person from assaults that utilize cross-domain scripting, but will not prevent the attack from operating normally if it's on a page the user is visiting.

As exploits go, this particular one seems a tempest in a teapot. The vulnerability in question may affect all web browsers, but the total dearth of publicly available data means anyone wanting to utilize it has their work cut out for them. Grossman states that this particular attack is capable of some "pretty spooky," things, but that's all the detail we get. I'm not a fan of security through obscurity, but that's not what anyone is advocating—Adobe has acknowledged the problem, and the dev teams on both Firefox and IE are undoubtedly aware of the flaw's existence. Hopefully they also received a bit more information than the public did.

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

Begin Trace Mode for Comment # 6.

#6. To: a vast rightwing conspirator (#0)

Dakmar  posted on  2008-09-26   16:17:44 ET  Reply   Untrace   Trace   Private Reply  


Replies to Comment # 6.

        There are no replies to Comment # 6.


End Trace Mode for Comment # 6.

TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]