Author Topic: new ClickJacking exploit  (Read 2948 times)

davidnix71

  • Member
  • **
  • Posts: 760
  • Kudos: 501
new ClickJacking exploit
« on: 27 September 2008, 16:38 »
That affects all browsers except Lynx. I'm using Firefox with ScriptBlock for now. This is apparently so easy (and bad) no one will say what it is until Adobe tries to fix it. http://infosecurity.us/2008/05/07/firefoxs-vietnamese-language-pack-reportedley-infected-with-trojan/?p=1527

Firefox without the Vietnamese language pack, of course.

Scriptblocking loads pages much faster than Adblocking. No pop-ups or pop-unders, but that means some websites will lose money

Lead Head

  • Global Moderator
  • Member
  • ***
  • Posts: 1,508
  • Kudos: 534
Re: new ClickJacking exploit
« Reply #1 on: 27 September 2008, 17:06 »
Yikes, seems like Adobe has been having quite a few issues lately with security.
sig.

davidnix71

  • Member
  • **
  • Posts: 760
  • Kudos: 501
Re: new ClickJacking exploit
« Reply #2 on: 11 October 2008, 19:54 »

Lead Head

  • Global Moderator
  • Member
  • ***
  • Posts: 1,508
  • Kudos: 534
Re: new ClickJacking exploit
« Reply #3 on: 11 October 2008, 20:20 »
Thanks for the heads up
sig.

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Re: new ClickJacking exploit
« Reply #4 on: 14 October 2008, 15:57 »
so this is platform independent? or just ms windows?

also, what wanker at adobe thinks it's acceptable to state that simply not disclosing the details of a potentially exploitable piece of software somehow makes it more secure to use?

the very fact that it is known that there is a vulnerability is bad enough i would say. "more time" is never something a serious software maintainer (certainly one charging money for usage licences!) should have the luxury of when it comes to security vulnerabilities needing patched.
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

davidnix71

  • Member
  • **
  • Posts: 760
  • Kudos: 501
Re: new ClickJacking exploit
« Reply #5 on: 15 October 2008, 02:01 »
The hole is not only platform independent, it's browser independent. It must have something to do with the web plugin.

Lnyx is immune because it is text only. Someone else found the hole and told Adobe. Flash has too many interactive features to be truly safe.

Lead Head

  • Global Moderator
  • Member
  • ***
  • Posts: 1,508
  • Kudos: 534
Re: new ClickJacking exploit
« Reply #6 on: 15 October 2008, 20:54 »
Yikes! So this bug affects pretty much every browser with flash and every operating system. Kind of scary how one program can manage to do that.
sig.