Skip to main content

Clickjacking "Browser Exploit"

Clickjacking is a term used by two security experts Robert “RSnake” Hansen and Jeremiah Grossman to define a new major web attack that could potentially affect millions of web users.This threat exploits the bug that is present in "One of the Adobe products" but Jeremiah and Robert believe that the clickjacking flaw ultimately lies in the way that Internet browsers are designed.According to Grossman
"If I control what you click on, how much bad can I do? It turns out you can do a number of really, really bad things."

What makes the attack noteworthy is that this attack is compatible with all browsers and their all versions be it Firefox,IE,Opera,Safari or any other browser.Jeremiah and Robert were going to demonstrate this attack on Open Web Application Security Project (OWASP) in New York City this week but on Adobe's request they postponed their demonstration so that the Adobe can contact all web browser vendors and can release a patch for this exploit.

The Approach:: In a clickjacking attack, the attacker tricks the victim into clicking on malicious Web links without realizing it. This type of attack has been known for years, but had not been considered to be particularly dangerous.However, in writing their proof-of-concept code, Hansen and Grossman realized that clickjacking was actually more serious than they'd first thought.

The Demo::
A small demo of this exploit can be seen on this link (this is just a temporary demo and will not affect your system).Open the link and then open anything on your same web browser and copy some data and try to paste it anywhere.What you see.Now to recover from this just restart your web browser.This demo is a "clipboard hijack" demo and exploits the clipboard.There can be many other types of possible hijack too.

But how much "bad" this exploit can get and how is attack work is still a question that needs to be answered and when are they going to disclose it because releasing the patches will take time .So either we should just "wait and watch" or search out by our own.If any one gets some info then just push a comment on this blog.

Links to check::
ars technica
Adobe's confirmation

Comments

Popular posts from this blog

T Shirt Quotes related to Computers

Last week while searching for some computer related quotes for T Shirt I came across certain quotes that I thought were very good.So I thought why not share these quotes with you.So here are these quotes,pick the one you like or if you have any of your favorites then do share it with us.Here is the list.. "Programmers don't byte, they nibble a bit" "To iterate is human, to recurse divine" " first 90% of the code accounts for the first 90% of the development time. The remaining 10% of the code accounts for the other 90% of the development time" "99% of all girls are beautiful, the rest 1% are in my college "ASC!! a stupid question,get a stupid ANS!" "In cartooned form Atom1 - I have lost an electron. Atom2 - Are you sure? Atom1 - I am positive." "There's no place like 127.0.0.1 (“Home” for the non-geeks)" "YouTube(logo) myspace(logo) and I'll Google(logo) your Yahoo(logo)." " I'm a progr...

Google Facts

The name Google is a spelling error. The founders of the site, Larry page and Sergey Brin , thought they were going for Googol .. Googol is the mathematical term for 1 followed by 100 zeros. Initially, Larry and Sergey Brin called their search engine BackRub , named for its analysis of the of the web's "back links." The reason the google page is so bare is because t he founder didn't know HTML and just wanted a quick interface. The company's first office was in a garage , in Menlo Park, California . Google's first employee was Craig Silverstein, now Google's Director of technology. The basis of Google's search technology is called PageRank that assigns a rank to determine how useful it is. However, that is not why it is called PageRank. It is actually named after Google co-founder Larry Page . It would take 5,707 years for a person to search Google's 3 billion pages . The Google software does it in 0.5 seconds. The logos that appear on ...

If programming languages were cars...

There have been many comparisons between programming languages and different aspects of human life by many individuals .This is one of them , a comparison between programming languages and cars.This post is inspired from the article originally written by Mike Vanier.This is an update to an old series of jokes about computer languages being like cars. Just go through this list and see if you can come out with your own list of comparisons.Here goes the list... The list Ada is a tank. A butt-ugly tank that never breaks down. People laugh uncontrollably if you tell them you drive Ada, but really, do you want to be driving a sports car in a war zone? Assembly Language is a bare engine; you have to build the car yourself and manually supply it with gas while it's running, but if you're careful it can go like a bat out of hell. Assembly Language : YOU are the car. Basic is a simple car useful for short drives to the local shops. Once popular with learner drivers, it has recen...