A browser exploit that exploits them all!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • StuartD
    Sofa King Band
    • Jul 2002
    • 29903

    #1

    A browser exploit that exploits them all!

    http://blogs.zdnet.com/security/?p=1972&tag=nl.e589

    Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms ? Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.

    The threat, called Clickjacking, was to be discussed at the OWASP NYC AppSec 2008 Conference but, at the request of Adobe and other affected vendors, the talk was nixed until a comprehensive fix is ready.
    This is me on facebook
    This is me on twitter
  • mikesouth
    Confirmed User
    • Jun 2003
    • 6334

    #2
    can you say Zango
    Mike South

    It's No wonder I took up drugs and alcohol, it's the only way I could dumb myself down enough to cope with the morons in this biz.

    Comment

    • uno
      RIP Dodger. BEST.CAT.EVER
      • Dec 2002
      • 18450

      #3
      know anything specific Stuey?
      -uno
      icq: 111-914
      CrazyBabe.com - porn art
      MojoHost - For all your hosting needs, present and future. Tell them I sent ya!

      Comment

      • TheDoc
        Too lazy to set a custom title
        • Jul 2001
        • 13827

        #4
        I think this has been going on for awhile, years..

        I use click heat maps all over the place, one of them being on my warning page. I found that people kept clicking the words/text in the body that wasn't linked. Words like, Sexually Explicit, along with other very common words.

        So, what I did was set a span tag on the words to split them up and changed a few words to graphics.

        What I found was people quit clicking on the words. So, by simple deduction I came to the conclusion that some spyware/virus, toolbar, ect was replacing popular words on my warning pages, with links - that people would click.

        Pretty much from that point I knew that some how, some way, people could steal clicks too and I would have no way of knowing it.

        So hearing about this now finally means it will be corrected.
        ~TheDoc - ICQ7765825
        It's all disambiguation

        Comment

        • StuartD
          Sofa King Band
          • Jul 2002
          • 29903

          #5
          Originally posted by uno
          know anything specific Stuey?
          Not a whole lot as the guys who discovered it and the companies that are aware of it are all being very tight lipped about it. But apparently it's something very inherent with how all of the browsers work so a patch won't fix it.

          Here's a "guess" at what it's doing:

          http://www.webadminblog.com/index.ph...psec-nyc-2008/
          This is me on facebook
          This is me on twitter

          Comment

          • WiredGuy
            Pounding Googlebot
            • Aug 2002
            • 34512

            #6
            Wow, seems quite serious that nobody can talk about it. I look forward to seeing what it is as it seems no fix is going to be available for some time either
            WG
            I play with Google.

            Comment

            Working...