Author Topic: Clickjacking  (Read 5242 times)

Offline UncleDoug

Clickjacking
« on: October 16, 2008, 08:27:14 AM »
Melih

 I found this latest article in WindowsSecrets about Clickjacking 
http://windowssecrets.com/2008/10/16/03-All-browsers-are-vulnerable-to-clickjacking
interesting and awakening!

Blocking would be best, but would it interfere with anything?
A browser plugin like Verification Engine should do the trick. Before clicking, browse over the button and it will tell you if the projected link is good and where you intended to go!
But I have found that V.E. works only on the main screen of most sites and not on pages/screens farther down, like, and most important, a download page, etc.

Thanks
UncleDoug


DarkButterfly

  • Guest
Re: Clickjacking
« Reply #1 on: October 16, 2008, 09:18:54 AM »
Nice article. Thanks for sharing.

It also talks about "Flash apps may activate webcams and mics". In this matter, I have no mic, but the webcam's eye is covered (the "eye" is blinded ;) ).

People could just cover it (the cam's "eye") with black tape, or something like that.

Now the clickjacking is a total business. I use Opera, and use JavaScript control. Not sure if it covers all areas. I doubt it does, as a matter of fact.

Offline The Joker

  • Computer Security Testing Group
Re: Clickjacking
« Reply #2 on: October 16, 2008, 02:22:06 PM »
I use Firefox 3 with NoScript extension up to date, and it has protection against that kind of attack. Also, Opera 9.60 has that protection.
HP Pavilion DV4 2040BR l Windows 7 SP1 Home Premium x64 l CIS 7.0 BETA (Proactive Security) (AV: Stateful l FW: Safe Mode l HIPS: Safe Mode l Sandbox: Fully Virtualized)

______________________________

It's all part of the plan!

Offline LaserWraith

Re: Clickjacking
« Reply #3 on: October 16, 2008, 02:25:00 PM »
> I use Firefox 3 with NoScript extension up to date, and it has protection against that kind of attack. Also, Opera 9.60 has that protection.


The new Opera has that protection?
This is off-topic, but I've been seeing lots of people who are in this "Computer Security Testing Group". What is it??



Offline The Joker

  • Computer Security Testing Group
Re: Clickjacking
« Reply #6 on: October 16, 2008, 02:41:32 PM »

> The new Opera has that protection?
> This is off-topic, but I've been seeing lots of people who are in this "Computer Security Testing Group". What is it??




I will look for that. I don't know exactly, but a friend of mine told me.

About Firefox and NoScript, follow: http://hackademix.net/2008/10/08/hello-clearclick-goodbye-clickjacking/

Offline UncleDoug

Re: Clickjacking
« Reply #7 on: October 16, 2008, 04:30:34 PM »
Eduardo
 
You must have this?

Mozilla Foundation: Install Giorgio Maone's open-source NoScript plug-in to block execution of JavaScript except for sites you approve. NoScript is free, though the vendor requests a donation. The add-on lets Firefox users designate the sites on which scripts are allowed to run and blocks JavaScript on all other sites.

Does that mean you need to add any new site you might be interested in going to before you can? Almost like driving safety on the highway: 80 will get you there quicker, but 55 will also get you there, just a few minutes longer but more safely.

UncleDoug

Offline LaserWraith

Re: Clickjacking
« Reply #8 on: October 16, 2008, 04:33:29 PM »
> I will look for that. I don't know exactly, but a friend of mine told me.
>
> About Firefox and NoScript, follow: http://hackademix.net/2008/10/08/hello-clearclick-goodbye-clickjacking/

Ok. 

And you don't know about the group you are in?

Offline The Joker

  • Computer Security Testing Group
Re: Clickjacking
« Reply #9 on: October 16, 2008, 04:42:33 PM »
> Eduardo
>
> You must have this?
>
> Mozilla Foundation: Install Giorgio Maone's open-source NoScript plug-in to block execution of JavaScript except for sites you approve. NoScript is free, though the vendor requests a donation. The add-on lets Firefox users designate the sites on which scripts are allowed to run and blocks JavaScript on all other sites.
>
> Does that mean you need to add any new site you might be interested in going to before you can? Almost like driving safety on the highway: 80 will get you there quicker, but 55 will also get you there, just a few minutes longer but more safely.
>
> UncleDoug

Yes, you need to add any new site you might be interested in going to before you can. You visit the site, it requires JavaScript; if you trust it, you can permanently allow, if not, you can temporarily allow. It's my #1 extension for Firefox. And, after your whitelist grows, you can export/import it to other Firefox sessions.

> Ok.
>
> And you don't know about the group you are in?

http://www.testmypcsecurity.com/join.php
« Last Edit: October 16, 2008, 05:15:07 PM by Eduardo »

Offline UncleDoug

Re: Clickjacking
« Reply #10 on: October 16, 2008, 05:22:17 PM »
Everything will be fine unless sometime in the future, a trusted site gets hijacked, then clickjacking could be a problem!

UncleDoug

 
