litenup
Junior Member
- Mar 6, 2008
Just saw this article about 'Clickjacking'
Here are a few excerpts:
"In a nutshell, it's when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you. It's a fundamental flaw with the way your browser works and cannot be fixed with a simple patch. With this exploit, once you're on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening."
"Ebay, for example, would be vulnerable to this since you could embed javascript into the web page, although, javascript is not required to exploit this. “It makes it easier in many ways, but you do not need it.” Use lynx to protect yourself and don't do dynamic anything. You can “sort of” fill out forms and things like that. The exploit requires DHTML. Not letting yourself be framed (framebusting code) will prevent cross-domain clickjacking, but an attacker can still force you to click any links on their page. Each click by the user equals a clickjacking click so something like a flash game is perfect bait"
The Fix?
"In the meantime, the only fix is to disable browser scripting and plugins. We realize this doesn't give people much technical detail to go on, but it's the best we can do right now."
That's pretty much the whole article but here's the page
Code:
http://blogs.zdnet.com/security/?p=1972
Appreciate anyone's thoughts on this...and any ideas.
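For the "not letting yourself be framed" point in the excerpt, here is an added example (not part of the original post or the linked article) that checks whether a site's response headers tell the browser to refuse cross-domain framing, the server-side counterpart to framebusting script. `X-Frame-Options` and CSP `frame-ancestors` are real headers; the function name and sample header sets are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing protection from its headers.
// framingPolicy() is a hypothetical helper name, not from the article.
function framingPolicy(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // CSP frame-ancestors overrides X-Frame-Options in browsers that support it.
  // Simplification: the first frame-ancestors directive found decides.
  const csp = h["content-security-policy"] || "";
  for (const directive of csp.split(/[;,]/)) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() !== "frame-ancestors") continue;
    const sources = parts.slice(1).map((s) => s.toLowerCase());
    // An empty source list behaves like 'none'.
    if (sources.length === 0) return "deny";
    if (sources.length === 1 && sources[0] === "'none'") return "deny";
    if (sources.length === 1 && sources[0] === "'self'") return "same-origin";
    if (sources.includes("*")) return "unprotected";
    return "allow-list";
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "deny";
  if (xfo === "SAMEORIGIN") return "same-origin";
  // ALLOW-FROM is obsolete and ignored by current browsers; treat it and any
  // malformed value as no protection.
  return "unprotected";
}

// Constructed sample header sets (not captured from any real site).
const samples = {
  "no headers": { "Content-Type": "text/html" },
  "xfo deny": { "X-Frame-Options": "DENY" },
  "csp self": { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" },
  "csp wildcard": { "Content-Security-Policy": "frame-ancestors *" },
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label.padEnd(14), framingPolicy(headers));
}
```

A result of "unprotected" means any other site can load the page in a frame; as the excerpt notes, anti-framing only covers cross-domain framing and does nothing about clicks on the attacker's own page.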