Clickjacking is a term used by two security experts Robert “RSnake” Hansen and Jeremiah Grossman to define a new major web attack that could potentially affect millions of web users.This threat exploits the bug that is present in "One of the Adobe products" but Jeremiah and Robert believe that the clickjacking flaw ultimately lies in the way that Internet browsers are designed.According to Grossman
What makes the attack noteworthy is that this attack is compatible with all browsers and their all versions be it Firefox,IE,Opera,Safari or any other browser.Jeremiah and Robert were going to demonstrate this attack on Open Web Application Security Project (OWASP) in New York City this week but on Adobe's request they postponed their demonstration so that the Adobe can contact all web browser vendors and can release a patch for this exploit.
The Demo:: A small demo of this exploit can be seen on this link (this is just a temporary demo and will not affect your system).Open the link and then open anything on your same web browser and copy some data and try to paste it anywhere.What you see.Now to recover from this just restart your web browser.This demo is a "clipboard hijack" demo and exploits the clipboard.There can be many other types of possible hijack too.
But how much "bad" this exploit can get and how is attack work is still a question that needs to be answered and when are they going to disclose it because releasing the patches will take time .So either we should just "wait and watch" or search out by our own.If any one gets some info then just push a comment on this blog.
Links to check::
ars technica
Adobe's confirmation
"If I control what you click on, how much bad can I do? It turns out you can do a number of really, really bad things."
What makes the attack noteworthy is that this attack is compatible with all browsers and their all versions be it Firefox,IE,Opera,Safari or any other browser.Jeremiah and Robert were going to demonstrate this attack on Open Web Application Security Project (OWASP) in New York City this week but on Adobe's request they postponed their demonstration so that the Adobe can contact all web browser vendors and can release a patch for this exploit.
The Approach:: In a clickjacking attack, the attacker tricks the victim into clicking on malicious Web links without realizing it. This type of attack has been known for years, but had not been considered to be particularly dangerous.However, in writing their proof-of-concept code, Hansen and Grossman realized that clickjacking was actually more serious than they'd first thought.
The Demo:: A small demo of this exploit can be seen on this link (this is just a temporary demo and will not affect your system).Open the link and then open anything on your same web browser and copy some data and try to paste it anywhere.What you see.Now to recover from this just restart your web browser.This demo is a "clipboard hijack" demo and exploits the clipboard.There can be many other types of possible hijack too.
But how much "bad" this exploit can get and how is attack work is still a question that needs to be answered and when are they going to disclose it because releasing the patches will take time .So either we should just "wait and watch" or search out by our own.If any one gets some info then just push a comment on this blog.
Links to check::
ars technica
Adobe's confirmation
Comments