
Title: New clickjacking affects all browsers; cause remains unknown
Source: ArsTechnica
URL Source: http://arstechnica.com/news.ars/pos ... ers-cause-remains-unknown.html
Published: Sep 26, 2008
Author: Joel Hruska
Post Date: 2008-09-26 15:43:22 by a vast rightwing conspirator
Keywords: None
Views: 244
Comments: 10

New clickjacking affects all browsers; cause remains unknown
By Joel Hruska | Published: September 26, 2008 - 01:41PM CT

Jeremiah Grossman and Robert "Rsnake" Hansen initially planned to reveal details on a new browser-agnostic clickjacking exploit at the Open Web Application Security Project (OWASP) in New York City this week, but voluntarily pulled the presentation after discovering that the 0-day flaw affected an Adobe product. The term "clickjacking" refers to a process by which a user is forced to click on a link without his or her knowledge—the link itself may be nearly invisible or visible for only a fraction of a second.

Clickjacking isn't a new attack vector, but according to Grossman and Hansen, it's one that is "severely underappreciated and largely undefended." What makes the attack noteworthy, in this case, is that it appears to be completely browser-agnostic, and affects both Firefox 2 and 3, all versions of IE (including 8), and presumably all versions of Opera, Konqueror, Safari, and whatever other extremely marginalized and/or FailCat type of browser one might use to surf the web. The only browsers currently immune to whatever it is the two men discovered are text-based products, such as Lynx.

In this case, "whatever it is," actually is the only appropriate label for this new attack method; Grossman and Hansen have released virtually no information on how one would actually exploit the vulnerability. Grossman and his teammate appear to have held off publishing after Adobe requested they do so, rather than as a favor to the browser market. In his blog, Grossman writes: "At the time, we believed our discoveries were more in line with generic Web browsers behavior, not traditional “exploits,” and that guarding against clickjacking was largely the browser vendors' responsibility."

[Image caption: Yeah, it's kinda like that]

Grossman and Hansen have, however, released a bit of information on what won't protect a user from the exploit. Turning Javascript off is apparently useless—the attack doesn't use it. Instead, it takes advantage of what the two call a "fundamental flaw" inherent to all modern browsers, and an issue that cannot be fixed with a quick patch. Using a frame buster script will protect a person from assaults that utilize cross-domain scripting, but will not prevent the attack from operating normally if it's on a page the user is visiting.

As exploits go, this particular one seems a tempest in a teapot. The vulnerability in question may affect all web browsers, but the total dearth of publicly available data means anyone wanting to utilize it has their work cut out for them. Grossman states that this particular attack is capable of some "pretty spooky" things, but that's all the detail we get. I'm not a fan of security through obscurity, but that's not what anyone is advocating—Adobe has acknowledged the problem, and the dev teams on both Firefox and IE are undoubtedly aware of the flaw's existence. Hopefully they also received a bit more information than the public did.

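An added example, not from the article or from Grossman and Hansen: a defender-side check for server-declared framing restrictions, which the browser enforces without relying on script in the framed page the way a frame buster does. `X-Frame-Options` and CSP `frame-ancestors` are mechanisms that postdate this article; the function name, the `script-only` label and the sample headers are assumptions made for illustration.

```javascript
// Added example: classify a response's anti-framing protection from its headers.
// hasFrameBuster is a hypothetical flag the auditor sets after inspecting the page.
function framingPolicy(headers, hasFrameBuster = false) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Only the enforced CSP header counts; the Report-Only variant blocks nothing.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...rest] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const sources = rest.map((s) => s.toLowerCase());
    // An empty source list is equivalent to 'none'.
    if (sources.length === 0) return 'deny';
    if (sources.length === 1 && sources[0] === "'none'") return 'deny';
    if (sources.includes('*')) return 'unprotected';
    if (sources.length === 1 && sources[0] === "'self'") return 'same-origin';
    return 'allowlist';
  }

  // Reached only when no frame-ancestors directive exists, which otherwise
  // takes precedence over X-Frame-Options.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // ALLOW-FROM and unrecognised values are ignored by current browsers.

  // A frame buster is enforced by the page's own script, so report it separately.
  return hasFrameBuster ? 'script-only' : 'unprotected';
}

// Constructed sample responses, not captured traffic.
const samples = [
  { name: 'login', headers: { 'X-Frame-Options': 'DENY' } },
  { name: 'widget', headers: { 'Content-Security-Policy': "frame-ancestors https://partner.example" } },
  { name: 'legacy', headers: {}, frameBuster: true },
  { name: 'report-only', headers: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" } },
];

function auditSamples() {
  return samples.map((s) => `${s.name}: ${framingPolicy(s.headers, s.frameBuster)}`);
}

console.log(auditSamples().join('\n'));
```
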



#1. To: All (#0)

I forgot to note on the headline: if you clicked on the link that opened this article, you are doomed! Doomed!! DOOMED!!!! DOOMED!!!!!

Antiparty - find out why, think about 'how'

a vast rightwing conspirator posted on 2008-09-26 15:44:55 ET


#2. To: All (#0)


It's kinda like that

Antiparty - find out why, think about 'how'

a vast rightwing conspirator posted on 2008-09-26 15:48:39 ET (1 image)


#3. To: a vast rightwing conspirator (#0)

I'm not a fan of security through obscurity, but that's not what anyone is advocating—Adobe has acknowledged the problem, and the dev teams on both Firefox and IE are undoubtedly aware of the flaw's existence. Hopefully they also received a bit more information than the public did.

This article tells me nothing, except I may have some problem...

A nation of mullets, ruled by inbred, moronic traitors.

Lod posted on 2008-09-26 16:04:00 ET


#4. To: a vast rightwing conspirator (#2)

Searching for 'clickjacking' turns up lots of articles, but zero information, as Adobe is trying to 'fix' their vulnerabilities.

The only Adobe product that is allowed to access the web here, is their Flash player, and I may rethink that decision.

A nation of mullets, ruled by inbred, moronic traitors.

Lod posted on 2008-09-26 16:13:50 ET


#5. To: lodwick (#3)

It says: BE VERY AFRAID!!! And it says that SOMEONE is working on this so you keep the hope up because, JUST MAYBE, you won't die.

Antiparty - find out why, think about 'how'

a vast rightwing conspirator posted on 2008-09-26 16:14:29 ET


#6. To: a vast rightwing conspirator (#0)

And they write innumerable books; being too vain and distracted for silence: seeking every one after his own elevation, and dodging his emptiness. - T. S. Eliot

Dakmar posted on 2008-09-26 16:17:44 ET


#7. To: lodwick (#3)

This article tells me nothing, except I may have some problem...

You need to incorporate more green, leafy matter into your diet.

And they write innumerable books; being too vain and distracted for silence: seeking every one after his own elevation, and dodging his emptiness. - T. S. Eliot

Dakmar posted on 2008-09-26 16:24:18 ET


#8. To: a vast rightwing conspirator. all (#5)

Check this out - chocolate, instead of fluoride for our teeth -

Found while searching for a substitute Flash player.

media.swagit.com/s/wbrz/T...172007-8.high.flash8.html

A nation of mullets, ruled by inbred, moronic traitors.

Lod posted on 2008-09-26 16:29:15 ET


#9. To: a vast rightwing conspirator (#1) (Edited)

.

“The best and first guarantor of our neutrality and our independent existence is the defensive will of the people…and the proverbial marksmanship of the Swiss shooter. Each soldier a good marksman! Each shot a hit!”
-Schweizerische Schuetzenzeitung (Swiss Shooting Federation) April, 1941

X-15 posted on 2008-09-26 18:08:16 ET


#10. To: X-15 (#9)

7, 4, 2 , WHAT?

And they write innumerable books; being too vain and distracted for silence: seeking every one after his own elevation, and dodging his emptiness. - T. S. Eliot

Dakmar posted on 2008-09-26 18:12:03 ET

