Clickjacking the latest in virus deployment?. View previous topic :: View next topic  


NFOHump.com Forum Index - General chatter
Page 1 of 1
CaptainCox
VIP Member



Posts: 6823
Location: A Swede in Germany (FaM)
PostPosted: Wed, 1st Oct 2008 06:47    Post subject: Clickjacking the latest in virus deployment?.
Just read about this, maybe it's old or?.
Quote:
Clickjacking is an attack where a user clicks on a button in a browser, thinking the button will perform a specific function, such submitting a news story to Digg, but instead an attacker hijacks the button to use it for another purpose. The vulnerability is "obviously scary enough for Adobe to call it a critical issue and ask for more time, even though they were only indirectly affected

FULL STORY

I guess there is no wide spread threat, but it's a pretty clever way of doing it Wink.
Back to top
SycoShaman
VIP Master Jedi



Posts: 24468
Location: Toronto, Canada
PostPosted: Wed, 1st Oct 2008 06:53    Post subject:
Clever fuckin hackers.

See, that reinforceses what i believe. By the time whatever company comes out with some "fix" to some problem, hackers/crackers/etc are 3 steps ahead of em.

And by the time the companies figure it out, the hackers dont use it anymore and are on to their next exploit

I tip my hat to hackers....well, white hat hackers
Back to top
tainted4ever
VIP Member



Posts: 11336
PostPosted: Wed, 1st Oct 2008 07:03    Post subject:
Eh I don't understand. Fool the user to click a button on a malicious webpage? That's not new.

Sense Amid Madness, Wit Amidst Folly
Back to top
CaptainCox
VIP Member



Posts: 6823
Location: A Swede in Germany (FaM)
PostPosted: Wed, 1st Oct 2008 07:17    Post subject:
Well my understanding is a bit different. In this case it might be a valid button/link etc, but there would be an "invisible" button below it, and that's the one you actually click.
Sort of explained here.
Quote:
"Think of any button on any Web site that you can get to appear between the browser walls," he said last Friday. "Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue..., the list is virtually endless and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users' mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to."

In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a car-jacker takes a car? Well, click-jacking is like that, except that click is the car.


Pretty extensive 3 page article here
LINK
Back to top
Pfiemelcheese




Posts: 1382
Location: Usually talking from my arse
PostPosted: Thu, 2nd Oct 2008 10:37    Post subject:
I too am a white hat hacker you know, if certain kinds of women push my button all sorts of white exploits fly across their face, dunno if its the same kind, but it sure fucks them up sometimes Laughing
Back to top
leroy15b
Banned



Posts: 293
Location: Dutch HigH Lands
PostPosted: Thu, 2nd Oct 2008 11:06    Post subject:
SycoShaman wrote:
Clever fuckin hackers.

See, that reinforceses what i believe. By the time whatever company comes out with some "fix" to some problem, hackers/crackers/etc are 3 steps ahead of em.

And by the time the companies figure it out, the hackers dont use it anymore and are on to their next exploit

I tip my hat to hackers....well, white hat hackers



This are just the stupid xploits. "Hackers" have much other exploits but they just keep them priv8. If the exploit is rly good. Or even sell it or but into a botnet spread or something.
Sometime back the java 0day exploit became public. So then every1 could but his malware on site and have ppl exploited with a java question they then accept to be infected.
After that malware on sites xploided.

New laptop: i7-3630QM / 8GB / Nvidia 650M 1GB / 500GB

NPiracy wrote:
If I buy the game I actually on my way the little mine helpful and contribute to the company to develop. (GTA4/360)
Back to top
Pfiemelcheese




Posts: 1382
Location: Usually talking from my arse
PostPosted: Thu, 2nd Oct 2008 11:37    Post subject:
leroy15b wrote:
This are just the stupid xploits. "Hackers" have much other exploits but they just keep them priv8. If the exploit is rly good. Or even sell it or but into a botnet spread or something.
Sometime back the java 0day exploit became public. So then every1 could but his malware on site and have ppl exploited with a java question they then accept to be infected.
After that malware on sites xploided.


And now in comprehensible english plz, me no understandy jitterish, add a little punctuation as well, oooh and just learn english.
Back to top
Xenthalon




Posts: 1722
Location: Germany
PostPosted: Thu, 2nd Oct 2008 13:37    Post subject:
Look at this awesome clickjacking link! Am I a 1337 h4x0r now?

http://www.google.com/
Back to top
Page 1 of 1 All times are GMT + 1 Hour
NFOHump.com Forum Index - General chatter
Signature/Avatar nuking: none (can be changed in your profile)  


Display posts from previous:   

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB 2.0.8 © 2001, 2002 phpBB Group