Clickjacking! Noooooooooo!

As if you didn't have enough to worry about, with the stock market crashing and all your savings going south . . . U.S. CERT issued a warning about a new browser exploit called "clickjacking". Worst of all, it even affects Linux browsers. Yikes! Jeremiah Grossman, founder and CTO of WhiteHat Security, U.S. CERT said, "Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a Web page, they may actually be clicking on content from another page."

All modern browsers are affected (Internet Explorer, Safari, Firefox, Google Chrome, Opera) and no no fix is available. Sweet! You can, however, mitigate the risks by disabling scripting and plug-ins in your browser. Thereby making the whole point of modern browsers ancient history, or at least pretty much moot. To which I must reply, HOLY PENGUIN GUANO!

Firefox users can, if they want, take the Nyah nyah nyah ground with the NoScript Firefox extension. FlashBlock, Adblock Plus, and CustomizeGoogle are also good. Of course, doing all those things pretty much renders the point of modern browsers moot. Did I mention HOLY PENGUIN GUANO!?

There are plenty of sites covering this story, so read up and decide for yourself if the sky is falling.

______________________

Marcel (Writer and Free Thinker at Large) Gagné
http://www.marcelgagne.com AND www.cookingwithlinux.com

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Don't worry!

Anonymous's picture

NoScript/Firefox prevents possible issues like this...

Thanks

ForumTRance's picture

thanks for article.

Dude I've been using Flashblock/NoScript for the last 6 months

Kevin G's picture

And Adblock for at least a year. It doesn't moot the browser experience.. it speeds page loading and keeps me from having to see all that flashing ad nonsense I see on most pages so I can click on the content I want.

sorry you're having such a bad time..

Guess we can all go back to

waparmley's picture

Guess we can all go back to lynx...

(I _do_ use elinks now and then.)

Browsers are bloated and overrated...

El Perro Loco's picture

I know I am rowing against the tide here, but I just think browsers have too much functionality. They should stick with simple HTML pages and leave out all that "programmability" crap. Other functionality should be left to specific programs, in true UNIX philosophy. Want to see a movie? Fire up your movie/stream viewer. Want to get e-mail? Use your e-mail reader. Want to chat online? Well, you get the point.

What happened to the good, old KISS principle?

Warning is mainly for VOIP users

Anonymous's picture

Click-jacking supposedly turns on your web-cam and microphone.

What can they do to you if you don't have a web-cam or microphone connected to the internet?

Flashblock isn't that bad

Kevin S.'s picture

Flashblock allows you to mouse over the Flash content and see the url. If it's from a site you trust, you can click on it and get the content. It's not that much of a hindrance.

Adblock Plus makes surfing

mark zero's picture

Adblock Plus makes surfing tolerable, not primitive.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState