http://www.giveawayoftheday.com/forums/topic/4013 Giveaway of the Day Forums » Topic: Be careful: ClickJacking en-US Sun, 12 Feb 2012 07:32:41 +0000 http://bbpress.org/?v=1.0.2 http://www.giveawayoftheday.com/forums/topic/4013#post-43236 Fri, 10 Oct 2008 09:08:57 +0000 hotdoge3 43236@http://www.giveawayoftheday.com/forums/ <p><a href="http://www.adobe.com/support/security/advisories/apsa08-08.html" rel="nofollow">http://www.adobe.com/support/security/advisories/apsa08-08.html</a></p> <p>Flash Player workaround available for "Clickjacking" issue</p> <p>To prevent this potential issue, customers can change their Flash Player settings </p> http://www.giveawayoftheday.com/forums/topic/4013#post-43229 Fri, 10 Oct 2008 06:11:07 +0000 hotdoge3 43229@http://www.giveawayoftheday.com/forums/ <p>add no script, flash block click to turn on info at Firefox. </p> http://www.giveawayoftheday.com/forums/topic/4013#post-43185 Thu, 09 Oct 2008 14:52:31 +0000 copmom 43185@http://www.giveawayoftheday.com/forums/ <p>I just went to firefox and installed the 'no script' plug in for this.. thanks for the heads up! </p> http://www.giveawayoftheday.com/forums/topic/4013#post-43178 Thu, 09 Oct 2008 10:15:53 +0000 my_name_is_brad 43178@http://www.giveawayoftheday.com/forums/ <p>you and I must be on the same page....i came across the same article today.</p> <p>Basically 'clickjacking" is nothing new. It's just a new way to go about it. basically what is happening more often than not is just people using javascript to override default actions.</p> <p>It is very easy to dupe button clicks. in JavaScript each action a user takes gets an event attached to it. Now with a hidden frame, or in some cases a flash or java applet, you can overide the default events.</p> <p>For example, clicking a link raises an onClick, and onUnload event in many browsers. Now it is quite simple to override those events, and there are legit reasons to do so. Visit most government sites and you will be presented with a page that says you are leaving the site if you click a link to an external site.</p> <p>a few rules of thumb</p> <p>1) always check the links that may require sign in<br /> 2) never follow any link that asks you for ANY personal info....even if it's on the next page<br /> 3) set your web cam settings to not be activated by flash (fairly minor risk, but can happen)<br /> 4) probably most important.....ALWAYS ALWAYS ALWAYS shut down and restart your browser before accessing ANY banking info.<br /> 5) just be smart. If it looks odd assume it is </p> http://www.giveawayoftheday.com/forums/topic/4013#post-43177 Thu, 09 Oct 2008 09:23:27 +0000 LeKanaw 43177@http://www.giveawayoftheday.com/forums/ <p><strong>Bonjour Everybody :*)</strong></p> <p>A new type of attack has been <em>discovered</em> called ClickJacking.<br /> To know more<br /> • Read the <a href="http://news.cnet.com/8301-1009_3-10061358-83.html?part=rss&#38;subj=news&#38;tag=2547-1_3-0-20">CNet</a> article.</p> <p>• Here a more detailed <a href="http://hackademix.net/2008/09/27/clickjacking-and-noscript/">article</a> about all this.</p> <p>• There is a demonstration of the attack [even though I must say I didn't quite get what they were trying to show ...] on <a href="http://www.youtube.com/watch?v=gxyLbpldmuU">YouTube</a></p> <p>• And for those of us ridding The Fox, look into your NoScript settings, under the "Plug-Ins" tab.</p> <p>Hope this helps </p>