clickjacking

Clickjacking: Hijacking clicks on the Internet

What if you reached to grab a newspaper out of a news stand and you found a rock in your hand instead? How about opening the front door to a grocery store and ending up on a boat?

This sounds like a Matrix movie, but the virtual equivalent of this is real and poses one of the most serious new risks on the Internet, according to Jeremiah Grossman, chief technology officer and co-founder of WhiteHat Security.

"Most exploits (like worms and attacks that take advantage of holes in software) can be patched, but clickjacking is a design flaw in … Read more

CNET Live - Episode 103

Jeremiah Grossman from WhiteHat Security joins us to talk about clickjacking.

Watch the show on CNET TV.

Things we Crave

Free Trendnet updates TV-M7 wireless camera monitor application.

Alleged PS3 Slim spy photos get cease-and-desist treatment.

Cheapskate

Get an iPhone charging dock for $5.99 shipped

First Look

LG 160 (Credo Mobile)

Voyager Q

Links we mentioned

Ray in Georgia asked Brian Cooley if he still loved the Smart Car. Short answer? No. Andrew from England asked about iPhoto loading every time he plugs his iPod Touch in and how to minimize subwoofer bass from going through the floor. You … Read more

Expert: Twitter accounts hijacked in new attack

Twitter users looking for a little entertainment on a boring Friday may want to go elsewhere to get their fix.

A new attack was hijacking Twitter users Friday, with at least 700 accounts being compromised in two hours beginning at about 11 a.m. PST (7 p.m. GMT), security researcher Rik Ferguson wrote on the Trend Micro blog.

Victims are clicking on a link in a tweet that lures them with the promise of chatting with a 23-year-old woman on a Webcam.

"It appears that there is a rash of Twitter account hijacking going on this evening," … Read more

Twitter fends off second clickjacking attack

Twitter fended off a second clickjacking attack on Thursday night as the popular microblogging site plays cat-and-mouse with a prankster, the site confirmed on Friday.

"Yes, there was a second approach later in the day, same story as the first but with a slightly modified technique," Twitter co-founder Biz Stone wrote in an e-mail. "We took care of that too. Every day we're finding ways to improve the system."

"It's a convoluted cat-and-mouse game," Jeremiah Grossman, chief technology officer of WhiteHat Security, said earlier on Friday. "At least for the moment, … Read more

Chrome, Firefox face clickjacking

Security researchers have discovered a flaw affecting Google's Chrome browser that exposes it to "clickjacking"--in which an attacker hijacks a browser's functions by substituting a legitimate link with one of the attacker's choice.

Google has acknowledged the flaw and is working toward a patch for Chrome versions 1.0.154.43 and earlier when running within Windows XP SP2 systems, according to SecNiche security researcher Aditya Sood.

Sood disclosed the flaw on Tuesday and has since posted a proof of concept on the Bugtraq vulnerability disclosure forum.

"Attackers can trick users into performing … Read more

Adobe addresses Flash Player 'clickjacking' flaw

Adobe Systems has addressed a security flaw in its Flash Player products that could lead to 'clickjacking' attacks.

Flash Player 10, released on Wednesday, includes a fix for the clickjacking vulnerability published by researchers Jeremiah Grossman and Robert Hansen earlier this month.

Clickjacking attacks take advantage of vulnerabilities in Adobe Flash Player 9.0.124.0 and earlier, as well as vulnerabilities in browsers such as Internet Explorer, Opera, Firefox, and Safari. Exploitation of the flaws could allow an attacker to disguise Web site elements, such as dialog boxes and links, so that the user is fooled into visiting malicious … Read more

Security Bites 117: How 'Clickjacking' attacks hide behind the mouse

Criminals may have found a way to get you to click on malware without you even knowing. Worse, they might also be able to open the microphone or Webcam on your PC to eavesdrop.

Called clickjacking, the process allows the attacker to trick you, the user, into clicking on something only briefly visible on the screen. While it's mostly a problem for the browser makers, it also affects Adobe Flash, Microsoft Silverlight, and Sun's Java.

Although clickjacking, which may contain up to a half dozen specific vulnerabilities, has been around for years, it has recently come to the attention … Read more

Buzz Out Loud 827: Unbreakable ... because it's QUANTUM

Natali Del Conte joins us today for a discussion of quantum mechanics, Apple laptop pricing, super satellites, click-jacking, and crowd-sourced baby names. It sounds kind of heavy, but it's surprisingly goofy. We think you'll enjoy it. Also: stop Skyping us!

WiMAX launch http://cnettv.cnet.com/9742-1_53-50004011.html

Apple notebook launch! https://twitter.com/natalidelconte/statuses/952901666

It’s official: Apple to talk laptops on October 14 http://www.cnet.com/8301-18603_1-10062305-73.html

$800 Apple notebooks? http://www.inquisitr.com/4834/exclusive-apple-to-launch-800-laptop/

Touchpanel EEE PCs to debut at CES 2009 … Read more

'Clickjacking' attack hides behind the mouse

On Tuesday, Adobe issued a workaround for a serious issue that could allow attackers to change the security settings within Flash.

Termed "clickjacking," the process gives "an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable," wrote WhiteHat Security CTO Jeremiah Grossman in a blog posting last month. He went on to say that while "guarding against Clickjacking was largely the browser vendors' responsibility," both he and Robert Hansen agreed to withhold further information and even canceled their talk recently at OWASP NYC AppSec 2008 Conference at … Read more

'Internet safety' may be an oxymoron

To the short list of life's certainties--death and taxes--we can now add "Web threats."

Early indications are that there will be no quick fix for clickjacking, which enables a PC to be infected with malicious software simply by clicking a disguised link on a Web page. All browsers are equally vulnerable, and there appears to be no sure solution, at least in the short term. Even disabling JavaScript and other advanced Web features won't prevent an infection.

Does this mean you should cancel your broadband account and dig out the ham radio? I don't recommend … Read more