Loading
Clickjacking! Noooooooooo!
As if you didn't have enough to worry about, with the stock market crashing and all your savings going south . . . U.S. CERT issued a warning about a new browser exploit called "clickjacking". Worst of all, it even affects Linux browsers. Yikes! Jeremiah Grossman, founder and CTO of WhiteHat Security, U.S. CERT said, "Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a Web page, they may actually be clicking on content from another page."
All modern browsers are affected (Internet Explorer, Safari, Firefox, Google Chrome, Opera) and no no fix is available. Sweet! You can, however, mitigate the risks by disabling scripting and plug-ins in your browser. Thereby making the whole point of modern browsers ancient history, or at least pretty much moot. To which I must reply, HOLY PENGUIN GUANO!
Firefox users can, if they want, take the Nyah nyah nyah ground with the NoScript Firefox extension. FlashBlock, Adblock Plus, and CustomizeGoogle are also good. Of course, doing all those things pretty much renders the point of modern browsers moot. Did I mention HOLY PENGUIN GUANO!?
There are plenty of sites covering this story, so read up and decide for yourself if the sky is falling.
______________________
Marcel (Writer and Free Thinker at Large) Gagné
http://www.marcelgagne.com AND www.cookingwithlinux.com
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Designing Electronics with Linux
- New Products
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Dynamic DNS—an Object Lesson in Problem Solving
- Linux Systems Administrator
- Senior Perl Developer
- Technical Support Rep
- UX Designer
- Web & UI Developer (JavaScript & j Query)
- Using Salt Stack and Vagrant for Drupal Development
- Reply to comment | Linux Journal
4 hours 27 min ago - Dynamic DNS
5 hours 1 min ago - Reply to comment | Linux Journal
5 hours 59 min ago - Reply to comment | Linux Journal
6 hours 50 min ago - Not free anymore
10 hours 51 min ago - Great
14 hours 39 min ago - Reply to comment | Linux Journal
14 hours 47 min ago - Understanding the Linux Kernel
17 hours 1 min ago - General
19 hours 31 min ago - Kernel Problem
1 day 5 hours ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Featured Jobs
| Linux Systems Administrator | Houston and Austin, Texas | Host Gator |
| Senior Perl Developer | Austin, Texas | Host Gator |
| Technical Support Rep | Houston and Austin, Texas | Host Gator |
| UX Designer | Austin, Texas | Host Gator |
| Web & UI Developer (JavaScript & j Query) | Austin, Texas | Host Gator |
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
Developer Poll
Comments
Don't worry!
NoScript/Firefox prevents possible issues like this...
Thanks
thanks for article.
Dude I've been using Flashblock/NoScript for the last 6 months
And Adblock for at least a year. It doesn't moot the browser experience.. it speeds page loading and keeps me from having to see all that flashing ad nonsense I see on most pages so I can click on the content I want.
sorry you're having such a bad time..
Guess we can all go back to
Guess we can all go back to lynx...
(I _do_ use elinks now and then.)
Browsers are bloated and overrated...
I know I am rowing against the tide here, but I just think browsers have too much functionality. They should stick with simple HTML pages and leave out all that "programmability" crap. Other functionality should be left to specific programs, in true UNIX philosophy. Want to see a movie? Fire up your movie/stream viewer. Want to get e-mail? Use your e-mail reader. Want to chat online? Well, you get the point.
What happened to the good, old KISS principle?
Warning is mainly for VOIP users
Click-jacking supposedly turns on your web-cam and microphone.
What can they do to you if you don't have a web-cam or microphone connected to the internet?
Flashblock isn't that bad
Flashblock allows you to mouse over the Flash content and see the url. If it's from a site you trust, you can click on it and get the content. It's not that much of a hindrance.
Adblock Plus makes surfing
Adblock Plus makes surfing tolerable, not primitive.