« previous next »
Pages: [1]   Go Down

Author Topic: Clickjacking  (Read 2858 times)

0 Members and 1 Guest are viewing this topic.

Offline Digerati

  • Microsoft MVP
  • Silver Member
  • Posts: 554
  • Post-Quinquagenarian
Clickjacking
« on: October 23, 2008, 08:39:36 AM »
Logged


Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2013

Offline AlphaCentauri

  • Anti - Phishing Staff
  • Bronze Member
  • Posts: 201
Re: Clickjacking
« Reply #1 on: October 27, 2008, 03:53:24 PM »
So I'm not sure what the conclusion is. Does Noscript block the exploit, or only some manifestations of it?
Logged

Offline Digerati

  • Microsoft MVP
  • Silver Member
  • Posts: 554
  • Post-Quinquagenarian
Re: Clickjacking
« Reply #2 on: October 27, 2008, 09:13:49 PM »
Quote
So I'm not sure what the conclusion is
I am not sure any one does yet.

http://blogs.techrepublic.com.com/networking/?p=700
Logged
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2013

Offline Corrine

  • Microsoft® MVP
  • Visiting Staff
  • Silver Member
  • Posts: 979
  • The Mystical Rose
    • Security Garden
Re: Clickjacking
« Reply #3 on: November 04, 2008, 05:06:03 PM »
Yes, NoScript release 1.8.2 (07Oct08) includes "ClearClick" which disables user interaction with partially obstructed or not clearly visible embedded objects.  ClearClick is enabled by default on untrusted pages.  You can also configure it to work on trusted pages as well (NoScript Options|Plugins). 

(The first reply at http://ha.ckers.org/blog/20081007/clickjacking-details/ was Giorgio Maone, the developer of NoScript.)

Other information/links in my blog post:  Hello ClearClick, Goodbye Clickjacking!

(Note:  the current version of NoScript, with ClearClick, is V. 1.8.3.6.) 
Logged
  

Security Garden
"A day without laughter is a day wasted."
"May the wind sing to you and the sun rise in your heart"

Offline Digerati

  • Microsoft MVP
  • Silver Member
  • Posts: 554
  • Post-Quinquagenarian
Re: Clickjacking
« Reply #4 on: November 04, 2008, 06:05:21 PM »
Sweet! Thanks Corrine.
Logged
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2013

Offline Corrine

  • Microsoft® MVP
  • Visiting Staff
  • Silver Member
  • Posts: 979
  • The Mystical Rose
    • Security Garden
Re: Clickjacking
« Reply #5 on: November 04, 2008, 06:23:27 PM »
You're welcome! 

BTW, it should be noted that people who updated Flash to version 9 thinking that protected them against the Flash vulnerability to clickjacking need to do yet another update to version 10.  The version 9 update only helped prevent a clickjacking attack on a Flash Player user’s camera and microphone.  Adobe Flash Player version 10.0.12.36 was released October 15, 2008, and is identified in Issue 2C at http://ha.ckers.org/blog/20081007/clickjacking-details/ as being "fixed". 

Anyone who uses more than one browser (i.e., IE and Firefox), needs to update Flash for both browsers. 
http://www.adobe.com/shockwave/download/alternates/

Check the current Flash version installed on your browser at http://www.adobe.com/products/flash/about/

(Just watch out for any pre-checked extras such as 3rd party toolbars during installation.)

To configure Flash Player settings, see the instructions for the on-line manager at (sorry, another blog post): http://securitygarden.blogspot.com/2008/10/cyber-security-awareness-tip-of-day_19.html
Logged
  

Security Garden
"A day without laughter is a day wasted."
"May the wind sing to you and the sun rise in your heart"
Pages: [1]   Go Up
« previous next »