
Clickjacking "Browser Exploit"

Clickjacking is a term used by two security experts, Robert "RSnake" Hansen and Jeremiah Grossman, to define a new major web attack that could potentially affect millions of web users. This threat exploits a bug that is present in "one of the Adobe products", but Jeremiah and Robert believe that the clickjacking flaw ultimately lies in the way that Internet browsers are designed. According to Grossman:
"If I control what you click on, how much bad can I do? It turns out you can do a number of really, really bad things."

What makes the attack noteworthy is that it works in all browsers and all their versions, be it Firefox, IE, Opera, Safari or any other browser. Jeremiah and Robert were going to demonstrate this attack at the Open Web Application Security Project (OWASP) conference in New York City this week, but at Adobe's request they postponed their demonstration so that Adobe can contact all web browser vendors and release a patch for this exploit.

The Approach:: In a clickjacking attack, the attacker tricks the victim into clicking on malicious web links without realizing it. This type of attack has been known for years, but had not been considered particularly dangerous. However, in writing their proof-of-concept code, Hansen and Grossman realized that clickjacking was actually more serious than they had first thought.
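The usual defence against this trick is for a site to tell the browser it must not be embedded inside another page, so there is nothing hidden for the victim to click through. As an added example (not from the original post, and using the X-Frame-Options and Content-Security-Policy frame-ancestors response headers, which this post does not mention), here is a small checker that grades a response's headers and runs over constructed sample responses:

```javascript
// Added example, not part of the original post. Grades an HTTP response's
// headers for anti-framing protection. Header names are real; the sample
// responses below are constructed and assume lower-cased header names
// (as Node's http module delivers them).

// Extract the frame-ancestors source list from a CSP header value.
// Returns null when the directive is absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') {
      // Strip the quotes around keywords such as 'self' and 'none'.
      return tokens.slice(1).map(t => t.replace(/^'|'$/g, '').toLowerCase());
    }
  }
  return null;
}

// Decide whether an arbitrary third-party page could load this response in
// a frame. Browsers that understand frame-ancestors give it precedence over
// X-Frame-Options, so it is checked first.
function assessFramingProtection(headers) {
  const ancestors = frameAncestors(headers['content-security-policy']);
  if (ancestors) {
    if (ancestors.includes('*')) return { protected: false, reason: 'frame-ancestors allows any origin' };
    return { protected: true, reason: `frame-ancestors restricts framing to: ${ancestors.join(' ') || 'none'}` };
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return { protected: true, reason: `X-Frame-Options ${xfo}` };
  if (xfo.startsWith('ALLOW-FROM')) return { protected: false, reason: 'ALLOW-FROM is not supported by current browsers' };
  return { protected: false, reason: 'no anti-framing header; page can be loaded in a hidden iframe' };
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = {
  unprotected: { 'content-type': 'text/html' },
  xfoDeny: { 'x-frame-options': 'DENY' },
  cspSelf: { 'content-security-policy': "default-src 'self'; frame-ancestors 'self'" },
  cspWildcard: { 'content-security-policy': 'frame-ancestors *' },
};

// Headers a server should send so the page is never framed at all.
const HARDENED_HEADERS = {
  'x-frame-options': 'DENY',
  'content-security-policy': "frame-ancestors 'none'",
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, assessFramingProtection(headers));
}
```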

The Demo::
A small demo of this exploit can be seen at this link (this is just a temporary demo and will not affect your system). Open the link, then open anything else in the same web browser, copy some data and try to paste it anywhere. What do you see? To recover from this, just restart your web browser. This demo is a "clipboard hijack" demo and exploits the clipboard. There can be many other kinds of hijack too.

But how much "bad" this exploit can do, how the attack works, and when they are going to disclose it are still open questions, because releasing the patches will take time. So either we "wait and watch" or search it out on our own. If anyone gets some info, then just push a comment on this blog.

Links to check::
ars technica
Adobe's confirmation
