Read on for info on this new security vulnerability, and learn exactly how it works. Lots of people seem to have an opinion on this article at CNET. Do you see this vulnerability as being a big problem for you?
"Most exploits (like worms and attacks that take advantage of holes in software) can be patched, but clickjacking is a design flaw in the way the Web is supposed to work," Grossman said. "The bad guy is superimposing an invisible button over something the user wants to click on...It can be any button on any Web page on any Web site."
The technique was used in a series of prank attacks launched on Twitter in February. In that case, users clicked on links next to tweets that said "Don't Click" and then clicked on a button that said "Don't Click" on a separate Web page. That second click distributed the original tweet to all of the Twitter user's followers, thus propagating itself rather quickly.
At the time, Grossman called it a "harmless experiment," but the potential for harm by an attacker who isn't just having fun is huge.
In a demo at CNET offices on Thursday, Grossman showed how someone could launch a clickjacking attack using Flash to spy on someone by getting them to turn on their computer Web cam without knowing it. (Grossman also appeared on CNET Live to talk about clickjacking.)
Read this full article at CNET
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
