[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help] 

Status: Not Logged In; Sign In

Real Monetary Reform

More Young Men Are Now Religious Than Women In The US

0,000+ online influencers, journalists, drive-by media, TV stars and writers work for State Department

"Why Are We Hiding It From The Public?" - Five Takeaways From Congressional UFO Hearing

Food Additives Exposed: What Lies Beneath America's Food Supply

Scott Ritter: Hezbollah OBLITERATES IDF, Netanyahu in deep legal trouble

Vivek Ramaswamy says he and Elon Musk are set up for 'mass deportations' of millions of 'unelected bureaucrats'

Evidence Points to Voter Fraud in 2024 Wisconsin Senate Race

Rickards: Your Trump Investment Guide

Pentagon 'Shocked' By Houthi Arsenal, Sophistication Is 'Getting Scary'

Cancer Starves When You Eat These Surprising Foods | Dr. William Li

Megyn Kelly Gets Fiery About Trump's Choice of Matt Gaetz for Attorney General

Over 100 leftist groups organize coalition to rebuild morale and resist MAGA after Trump win

Mainstream Media Cries Foul Over Musk Meeting With Iran Ambassador...On Peace

Vaccine Stocks Slide Further After Trump Taps RFK Jr. To Lead HHS; CNN Outraged

Do Trump’s picks Rubio, Huckabee signal his approval of West Bank annexation?

Pac-Man

Barron Trump

Big Pharma-Sponsored Vaccinologist Finally Admits mRNA Shots Are Killing Millions

US fiscal year 2025 opens with a staggering $257 billion October deficit$3 trillion annual pace.

His brain has been damaged by American processed food.

Iran willing to resolve doubts about its atomic programme with IAEA

FBI Official Who Oversaw J6 Pipe Bomb Probe Lied About Receiving 'Corrupted' Evidence “We have complete data. Not complete, because there’s some data that was corrupted by one of the providers—not purposely by them, right,” former FBI official Steven D’Antuono told the House Judiciary Committee in a

Musk’s DOGE Takes To X To Crowdsource Talent: ‘80+ Hours Per Week,’

Female Bodybuilders vs. 16 Year Old Farmers

Whoopi Goldberg announces she is joining women in their sex abstinence

Musk secretly met with Iran's UN envoy NYT

D.O.G.E. To have a leaderboard of most wasteful government spending

In Most U.S. Cities, Social Security Payments Last Married Couples Just 19 Days Or Less

Another major healthcare provider files for Chapter 11 bankruptcy


Science/Tech
See other Science/Tech Articles

Title: New clickjacking affects all browsers; cause remains unknown
Source: ArsTechnica
URL Source: http://arstechnica.com/news.ars/pos ... ers-cause-remains-unknown.html
Published: Sep 26, 2008
Author: Joel Hruska
Post Date: 2008-09-26 15:43:22 by a vast rightwing conspirator
Keywords: None
Views: 248
Comments: 10

New clickjacking affects all browsers; cause remains unknown
By Joel Hruska | Published: September 26, 2008 - 01:41PM CT

Jeremiah Grossman and Robert "Rsnake" Hansen initially planned to reveal details on a new browser-agnostic clickjacking exploit at the Open Web Application Security Project (OWASP) in New York City this week, but voluntarily pulled the presentation after discovering that the 0-day flaw affected an Adobe product. The term "clickjacking" refers to a process by which a user is forced to click on a link without his or her knowledge—the link itself may be nearly invisible or visible for only a fraction of a second.

Clickjacking isn't a new attack vector, but according to Grossman and Hansen, it's one that is "severely underappreciated and largely undefended." What makes the attack noteworthy, in this case, is that it appears to be completely browser-agnostic, and affects both Firefox 2 and 3, all versions of IE (including 8), and presumably all versions of Opera, Konquerer, Safari, and whatever other extremely marginalized and/or FailCat type of browser one might use to surf the web. The only browsers currently immune to whatever it is the two men discovered are text-based products, such as Lynx.

In this case, "whatever it is," actually is the only appropriate label for this new attack method; Grossman and Hansen have released virtually no information on how one would actually exploit the vulnerability. Grossman and his teammate appear to have held off publishing after Adobe requested they do so, rather than as a favor to the browser market. In his blog, Grossman writes: "At the time, we believed our discoveries were more in line with generic Web browsers behavior, not traditional “exploits,” and that guarding against clickjacking was largely the browser vendors' responsibility."

Yeah, it's kinda like that Grossman and Hansen have, however, released a bit of information on what won't protect a user from the exploit. Turning Javascript off is apparently useless— the attack doesn't use it. Instead, it takes advantage of what the two call a "fundamental flaw" inherent to all modern browsers, and an issue that cannot be fixed with a quick patch. Using a frame buster script will protect a person from assaults that utilize cross-domain scripting, but will not prevent the attack from operating normally if it's on a page the user is visiting.

As exploits go, this particular one seems a tempest in a teapot. The vulnerability in question may affect all web browsers, but the total dearth of publicly available data means anyone wanting to utilize it has their work cut out for them. Grossman states that this particular attack is capable of some "pretty spooky," things, but that's all the detail we get. I'm not a fan of security through obscurity, but that's not what anyone is advocating—Adobe has acknowledged the problem, and the dev teams on both Firefox and IE are undoubtedly aware of the flaw's existence. Hopefully they also received a bit more information than the public did.

Post Comment   Private Reply   Ignore Thread  


TopPage UpFull ThreadPage DownBottom/Latest

#1. To: All (#0)

I forgot to note on the headline: if you clicked on the link that opened this article, you are doomed! Doomed!! DOOMED!!!! DOOMED!!!!!

Antiparty - find out why, think about 'how'

a vast rightwing conspirator  posted on  2008-09-26   15:44:55 ET  Reply   Trace   Private Reply  


#2. To: All (#0)


It's kinda like that

Antiparty - find out why, think about 'how'

a vast rightwing conspirator  posted on  2008-09-26   15:48:39 ET  (1 image) Reply   Trace   Private Reply  


#3. To: a vast rightwing conspirator (#0)

I'm not a fan of security through obscurity, but that's not what anyone is advocating—Adobe has acknowledged the problem, and the dev teams on both Firefox and IE are undoubtedly aware of the flaw's existence. Hopefully they also received a bit more information than the public did.

This article tells me nothing, except I may have some problem...

A nation of mullets, ruled by inbred, moronic traitors.

Lod  posted on  2008-09-26   16:04:00 ET  Reply   Trace   Private Reply  


#4. To: a vast rightwing conspirator (#2)

Searching for 'clickjacking' turns up lots of articles, but zero information, as Adobe is trying to 'fix' their vulnerabilities.

The only Adobe product that is allowed to access the web here, is their Flash player, and I may rethink that decision.

A nation of mullets, ruled by inbred, moronic traitors.

Lod  posted on  2008-09-26   16:13:50 ET  Reply   Trace   Private Reply  


#5. To: lodwick (#3)

It says: BE VERY AFRAID!!! And it says that SOMEONE is working on this so you keep the hope up because, JUST MAYBE, you won't die.

Antiparty - find out why, think about 'how'

a vast rightwing conspirator  posted on  2008-09-26   16:14:29 ET  Reply   Trace   Private Reply  


#6. To: a vast rightwing conspirator (#0)

And they write innumerable books; being too vain and distracted for silence: seeking every one after his own elevation, and dodging his emptiness. - T. S. Eliot

Dakmar  posted on  2008-09-26   16:17:44 ET  Reply   Trace   Private Reply  


#7. To: lodwick (#3)

This article tells me nothing, except I may have some problem...

You need to incorporate more green, leafy matter into your diet.

And they write innumerable books; being too vain and distracted for silence: seeking every one after his own elevation, and dodging his emptiness. - T. S. Eliot

Dakmar  posted on  2008-09-26   16:24:18 ET  Reply   Trace   Private Reply  


#8. To: a vast rightwing conspirator. all (#5)

Check this out - chocolate, instead of flouride for our teeth -

Found while searching for a substitute Flash player.

media.swagit.com/s/wbrz/T...172007-8.high.flash8.html

A nation of mullets, ruled by inbred, moronic traitors.

Lod  posted on  2008-09-26   16:29:15 ET  Reply   Trace   Private Reply  


#9. To: a vast rightwing conspirator (#1) (Edited)

.

“The best and first guarantor of our neutrality and our independent existence is the defensive will of the people…and the proverbial marksmanship of the Swiss shooter. Each soldier a good marksman! Each shot a hit!”
-Schweizerische Schuetzenzeitung (Swiss Shooting Federation) April, 1941

X-15  posted on  2008-09-26   18:08:16 ET  Reply   Trace   Private Reply  


#10. To: X-15 (#9)

7, 4, 2 , WHAT?

And they write innumerable books; being too vain and distracted for silence: seeking every one after his own elevation, and dodging his emptiness. - T. S. Eliot

Dakmar  posted on  2008-09-26   18:12:03 ET  Reply   Trace   Private Reply  


TopPage UpFull ThreadPage DownBottom/Latest


[Home]  [Headlines]  [Latest Articles]  [Latest Comments]  [Post]  [Sign-in]  [Mail]  [Setup]  [Help]