Clickjacking: Net game turns PC into undercover surveillance zombie

Underscoring the severity of a new class of vulnerability known as clickjacking, a blogger has created a proof-of-concept game that uses a PC’s video cam and microphone to secretly spy on the player.The demo, which is available here, appears to be a simple game that tests how quickly a user can click on a series of moving targets. Behind the scenes, it combines a generic clickjacking attack with weaknesses in Adobe’s Flash technology to record the player using the PC’s video camera and microphone.
http://www.theregister.co.uk/2008/10/07/clickjacking_surveillance_zombie/‘Clickjackers’ could hijack Webcams, microphones, Adobe warns
Adobe Systems Inc. warned users Tuesday that hackers could use recently-reported “clickjacking” attack tactics to secretly turn on a computer’s microphone and Web camera.Flash on all platforms is susceptible to clickjacking attacks, Adobe said in an advisory posted Tuesday. By duping users into visiting a malicious Web site, hackers could hijack seemingly-innocent clicks that, in reality, would be used to grant the site access to the computer’s Webcam and microphone without the user’s knowledge.
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9116558Details of Clickjacking Attack Revealed With Online Spying Demo
A researcher has “hacked” the mysterious clickjacking attack and today posted a demonstration in his blog on how the Web-borne attack works.Details of the dangerous clickjacking attack have been closely held by the two researchers who discovered it — Jeremiah Grossman and Robert “RSnake” Hansen — at the request of Adobe, which wanted more time to patch its software from the attack, although the attack has to do with the way browsers and the Web work.
http://www.darkreading.com/document.asp?doc_id=165431Firefox Extension Blocks Dangerous Web Attack [IDG]
A popular free security tool for the Firefox browser has been upgraded to block one of the most dangerous and troubling security problems facing the Web today.NoScript is a small application that integrates into Firefox. It blocks scripts in programming languages such as JavaScript and Java from executing on untrusted Web pages. The scripts could be used to launch an attack on a PC.The latest release of NoScript, version 1.8.2.1, will stop so-called “clickjacking,” where a person browsing the Web clicks on a malicious, invisible link without realizing it, said Giorgio Maone, an Italian security researcher who wrote and maintains the program.
http://www.infoworld.com/article/08/10/08/Firefox_extension_blocks_dangerous_Web_attack_1.html
www.pcworld.com/businesscenter/article/152025/firefox_extension_blocks_dangerous_web_attack.html
http://pcworld.idg.com.au/index.php/id;1814390854

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.