PDA

View Full Version : All browsers are vulnerable to clickjacking


Heinz68
10-20-08, 09:47 AM
All browsers are vulnerable to clickjacking

Stuart Johnston By Stuart J. Johnston

The latest Internet threat cloaks Web links so a wayward click can download malware to your PC without your knowledge.

What's worse, all browsers and other Web software are susceptible to clickjacking, but you can take steps to reduce the risk.

Clickjacking allows an attacker to use one or more of several new attack scenarios to literally steal your mouse clicks. When you think you're clicking on a simple button for example, to see the next page of an article you may actually be giving the bad guys permission to do something entirely different, such as log on to your online checking account.

By taking advantage of any of a growing number of recently discovered vulnerabilities in Microsoft's Internet Explorer, Mozilla's Firefox, Apple's Safari, and all other Web browsers, criminals can hijack your system by intercepting clicks of what appear to be legitimate links.

The problem doesn't stop there, however. At least some of the flaws that make clickjacking possible also show up in such popular Web tools as Adobe's Flash player and Microsoft's Silverlight streaming-media plug-in.

"If they can control where your clicks are going, they may be able to get a user to reconfigure the system so they disable security," Ed Skoudis, a security instructor for the SANS Institute, told Windows Secrets. Skoudis is also co-founder of the security firm InGuardians.
Read more at [URL="All browsers are vulnerable to clickjacking Stuart Johnston By Stuart J. Johnston The latest Internet threat cloaks Web links so a wayward click can download malware to your PC without your knowledge. What's worse, all browsers and other Web software are susceptible to clickjacking, but you can take steps to reduce the risk. Clickjacking allows an attacker to use one or more of several new attack scenarios to literally steal your mouse clicks. When you think you're clicking on a simple button for example, to see the next page of an article you may actually be giving the bad guys permission to do something entirely different, such as log on to your online checking account. By taking advantage of any of a growing number of recently discovered vulnerabilities in Microsoft's Internet Explorer, Mozilla's Firefox, Apple's Safari, and all other Web browsers, criminals can hijack your system by intercepting clicks of what appear to be legitimate links. The problem doesn't stop there, however. At least some of the flaws that make clickjacking possible also show up in such popular Web tools as Adobe's Flash player and Microsoft's Silverlight streaming-media plug-in. "If they can control where your clicks are going, they may be able to get a user to reconfigure the system so they disable security," Ed Skoudis, a security instructor for the SANS Institute, told Windows Secrets. Skoudis is also co-founder of the security firm InGuardians.
Read more at WindowsSecrets
http://windowssecrets.com/2008/10/16/03-All-browsers-are-vulnerable-to-clickjacking
NOTE: The WindowsSecrets page also has reviews for many best free software.

crainger
10-23-08, 12:08 AM
Good thing Chrome is immune.