- Staff
- #1
http://www.switched.com/2009/01/29/clickjacking-threat-hits-firefox-and-chrome/
'Clickjacking' Threat Hits Firefox and Chrome
by Tim Stevens, Posted Jan 29th 2009 at 3:06PM
Another day, another security risk, and while it pains us to bring you all this dire news so frequently, we figure someone has to keep you in the loop. Today's warning has to do with a new type of subversive Internet attack called clickjacking, in which you're tricked into clicking on links or buttons you can't see, possibly granting others access to your personal information. Two of the web's most popular browsers, Firefox and Chrome, have been found to be vulnerable.
Clickjacking is tricking a Web user into clicking on something they didn't want to, possibly on something they can't even see. It's possible to create a hidden overlay over a Web page and, within that hidden page, load up something like the login screen to MySpace. To the user the Web page might appear to be showing a game or the like that requires you to click on various objects, but in reality the user might be clicking on options in MySpace to make his or her information public or, disconcertingly, to change their password. Firefox and Chrome currently have no mechanism for preventing this kind of attack, but, surprisingly, Internet Explorer, a browser many consider to be less secure than the competition, is not susceptible to the attack.
Google has pledged to release a fix in short order, and we presume Firefox will be patched quickly as well. But, the best news is that nobody is actually aware of this sort of exploit being used in the wilds of the Internets so, for now at least, we wouldn't lose any sleep over this one. [From: CNET News]
'Clickjacking' Threat Hits Firefox and Chrome
by Tim Stevens, Posted Jan 29th 2009 at 3:06PM
Another day, another security risk, and while it pains us to bring you all this dire news so frequently, we figure someone has to keep you in the loop. Today's warning has to do with a new type of subversive Internet attack called clickjacking, in which you're tricked into clicking on links or buttons you can't see, possibly granting others access to your personal information. Two of the web's most popular browsers, Firefox and Chrome, have been found to be vulnerable.
Clickjacking is tricking a Web user into clicking on something they didn't want to, possibly on something they can't even see. It's possible to create a hidden overlay over a Web page and, within that hidden page, load up something like the login screen to MySpace. To the user the Web page might appear to be showing a game or the like that requires you to click on various objects, but in reality the user might be clicking on options in MySpace to make his or her information public or, disconcertingly, to change their password. Firefox and Chrome currently have no mechanism for preventing this kind of attack, but, surprisingly, Internet Explorer, a browser many consider to be less secure than the competition, is not susceptible to the attack.
Google has pledged to release a fix in short order, and we presume Firefox will be patched quickly as well. But, the best news is that nobody is actually aware of this sort of exploit being used in the wilds of the Internets so, for now at least, we wouldn't lose any sleep over this one. [From: CNET News]