A browser exploit that exploits them all!
 

http://blogs.zdnet.com/security/?p=1972&tag=nl.e589

Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms ? Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.

The threat, called Clickjacking, was to be discussed at the OWASP NYC AppSec 2008 Conference but, at the request of Adobe and other affected vendors, the talk was nixed until a comprehensive fix is ready.

can you say Zango

know anything specific Stuey?

I think this has been going on for awhile, years..

I use click heat maps all over the place, one of them being on my warning page. I found that people kept clicking the words/text in the body that wasn't linked. Words like, Sexually Explicit, along with other very common words.

So, what I did was set a span tag on the words to split them up and changed a few words to graphics.

What I found was people quit clicking on the words. So, by simple deduction I came to the conclusion that some spyware/virus, toolbar, ect was replacing popular words on my warning pages, with links - that people would click.

Pretty much from that point I knew that some how, some way, people could steal clicks too and I would have no way of knowing it.

So hearing about this now finally means it will be corrected.

Not a whole lot as the guys who discovered it and the companies that are aware of it are all being very tight lipped about it. But apparently it's something very inherent with how all of the browsers work so a patch won't fix it.

Here's a "guess" at what it's doing:

http://www.webadminblog.com/index.ph...psec-nyc-2008/

Wow, seems quite serious that nobody can talk about it. I look forward to seeing what it is as it seems no fix is going to be available for some time either :)
WG