new ClickJacking exploit

[davidnix71]

That affects all browsers except Lynx. I'm using Firefox with ScriptBlock for now. This is apparently so easy (and bad) no one will say what it is until Adobe tries to fix it. http://infosecurity.us/2008/05/07/firefoxs-vietnamese-language-pack-reportedley-infected-with-trojan/?p=1527

Firefox without the Vietnamese language pack, of course.

Scriptblocking loads pages much faster than Adblocking. No pop-ups or pop-unders, but that means some websites will lose money

[Lead Head]

Yikes, seems like Adobe has been having quite a few issues lately with security.

[davidnix71]

The Adobe approved workaround is here:

http://www.adobe.com/support/security/advisories/apsa08-08.html

[Lead Head]

Thanks for the heads up

[Calum]

so this is platform independent? or just ms windows?

also, what wanker at adobe thinks it's acceptable to state that simply not disclosing the details of a potentially exploitable piece of software somehow makes it more secure to use?

the very fact that it is known that there is a vulnerability is bad enough i would say. "more time" is never something a serious software maintainer (certainly one charging money for usage licences!) should have the luxury of when it comes to security vulnerabilities needing patched.

[davidnix71]

The hole is not only platform independent, it's browser independent. It must have something to do with the web plugin.

Lnyx is immune because it is text only. Someone else found the hole and told Adobe. Flash has too many interactive features to be truly safe.

[Lead Head]

Yikes! So this bug affects pretty much every browser with flash and every operating system. Kind of scary how one program can manage to do that.