t e c h i e - t a l k s ::: technology at its best


Clickjacking: Your worst browser nightmare (not even Macs or Linux OS are spared).

September 26th, 2008 · 1 Comment

Researchers have found an exploit in the design of modern browsers that is now being termed the “most dangerous exploit” ever. It was so highly classified that very little was disclosed after a closed-door meeting between the researchers and the browser developers. So far, no developer (not even the Microsoft or Firefox developers) has released a date for a possible patch for the exploit.

And if you were thinking that you might be spared because you aren’t on Windows, think again. The exploit affects all browsers regardless of the underlying OS, so even Macs and Linux systems aren’t spared. Not much information has actually been released about the exploit; vendors have said only that more information will be released once a comprehensive fix is available. That sums up how bad the situation is right now.

So what is Clickjacking all about? According to zdnet.com:

 In a nutshell, it’s when you visit a malicious website and the attacker is able to take control of the links that your browser visits.  The problem affects all of the different browsers except something like lynx.  The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you.  It’s a fundamental flaw with the way your browser works and cannot be fixed with a simple patch.  With this exploit, once you’re on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening.

Just to illustrate a scenario: if you happen to visit a malicious site that runs JavaScript with access to links to private data like your PayPal or bank details (for example, an eBay page running malicious JavaScript), you could be clicking on, buying and paying for things, or even releasing your private data, without knowing it. This example illustrates only the tip of the iceberg. Imagine the possibilities of what hijacking your mouse clicks could do to your system.

To date, it has been confirmed that the latest versions of Internet Explorer (IE7 and above) and Firefox 3 are affected by the exploit. My advice for now is to be wary of all the websites that you visit until a patch is in the pipeline. It has always been a rule of thumb not to visit malicious-looking websites or click links sent by anonymous e-mail senders. Be vigilant and stay safe on the web.


Tags: Techie news · Software

1 response so far ↓

  • 1 juzadude // Sep 26, 2008 at 11:13 am

    Oh my! I hope they come out with a solution soon. I want a peace-of-mind while surfing, pls!
