WARNING on clickjacking.

[no1_vern]

Clickjacking affects almost every browser including Apple Safari, Google Chrome, Microsoft Internet Explorer(ALL versions), Mozilla Firefox, and Opera.

Quote:

A mysterious cross-platform Web browser exploit technique called "Clickjacking" has led to a call to disable all browser scripting and plug-ins until the vulnerability can be addressed.
U.S. CERT on Friday issued a warning about the technique. Citing a September 15 blog post by Jeremiah Grossman, founder and CTO of WhiteHat Security, U.S. CERT said, "Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a Web page, they may actually be clicking on content from another page."

Quote:

The government security agency also said the flaw affects most Web browsers and that no fix is available, but that risks can be mitigated by disabling scripting and plug-ins in one's browser.
For Firefox users, the NoScript Firefox extension can do that. Grossman in a blog comment posting also suggests the use of security-related plug-ins like FlashBlock, Adblock Plus, and CustomizeGoogle. (Presumably, these plug-ins should not be disabled.)

Clickjacking affects Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Opera.

Be careful out there.

[EXreaction]

I don't think clickjacking is any more dangerous than some even simpler attacks. If somebody is able to put raw HTML/Javascript onto a page they can do many other attacks. Even without being able to insert HTML/Javascript one can do similar attacks if someone is able to link to an image through BBCode or avatars for example.

Cross-site request forgery - Wikipedia, the free encyclopedia

Heck, I can run a CSRF on any user through this forum if I wanted to, it is a very simple attack to do.

[no1_vern]

Yes, the exploit is based onits an old concept, BUT this exploit is different in that it affects virtually every browser(only text based browsers are immune) including at least one Adobe product. To stop it we must disable scripting and plug-ins in our browsers.

The fact that personal information can be stolen in this way makes this a particularly nasty exploit IMO.

[EXreaction]

The same thing can be done with any image links, which will affect anything that automatically loads images in the <img> tag.

[Dude111]

This is a frame trick and MOST OF US arent dumb enough to think we are on another site then the one listed in the address bar!!! (And if we are unsure,we just paste links directly in the bar (But alot of people dont know the first thing about this kinda stuff which makes this very dangerous))

More info > http://www.wilderssecurity.com/showthread.php?t=221353

[EXreaction]

No, it isn't a frame trick.

I could be running a similar attack against you now automatically just by your browser loading my avatar.

[Dude111]

Hmmmmmmm

[TimeDeatH]

now remember kids, always where protection when surfing the web (thats why i have avast) and yes ive seen this before
and im not really concerned about my informatio being stolen, i lie to every sight i register, i use a different computer protected by kasperskys to do my shopping

[RicheemxX]

Quote:

Originally Posted by TimeDeatH

now remember kids, always where protection when surfing the web (thats why i have avast) and yes ive seen this before
and im not really concerned about my informatio being stolen, i lie to every sight i register, i use a different computer protected by kasperskys to do my shopping

Neither of which would do anything to protect you against the exploit in question.

[TimeDeatH]

Quote:

Originally Posted by RicheemxX

Neither of which would do anything to protect you against the exploit in question.

then i got random attacks from surfing the web...ill try to get an image next time it happens