All browsers are vulnerable to clickjacking
I will give you some information but there is quite a bit about this subject already on the Internet.
The latest Internet threat cloaks Web links so a wayward click can download malware to your PC without your knowledge.
What’s worse, all browsers and other Web software are susceptible to clickjacking, but you can take steps to reduce the risk.
Clickjacking allows an attacker to use one or more of several new attack scenarios to literally steal your mouse clicks. When you think you’re clicking on a simple button — for example, to see the next page of an article — you may actually be giving the bad guys permission to do something entirely different, such as log on to your online checking account.
By taking advantage of any of a growing number of recently discovered vulnerabilities in Microsoft’s Internet Explorer, Mozilla’s Firefox, Apple’s Safari, and all other Web browsers, criminals can hijack your system by intercepting clicks on what appear to be legitimate links.
The problem doesn’t stop there, however. At least some of the flaws that make clickjacking possible also show up in such popular Web tools as Adobe’s Flash player and Microsoft’s Silverlight streaming-media plug-in.
If somebody can control your clicks, they may be able to get you to reconfigure your system so that its security is disabled.
Disguised links lurk behind clickable buttons
In clickjacking, surreptitious buttons are “floated” behind the actual buttons that you see on a Web site. When you click the button, you’re not triggering the function that you expected. Instead, the click is routed to the bad guy’s substitute link.
Even users who watch their systems like a hawk can be victimized.
There’s really no way to know if what you’re looking at is real.
The browser vulnerabilities that make clickjacking possible affect almost every browser made.
This doesn’t mean there are no protections, however. In fact, one of the most important steps that users can take to protect themselves is to enable JavaScript only for approved sites.
Disabling JavaScript has serious drawbacks, because so much of the Web’s interactivity is driven by JavaScript apps.
Even browsing with JavaScript disabled will not protect against all possible avenues of attack.
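Clickjacking depends on the target page being loadable inside a frame on the attacker’s page, so site operators can blunt it by telling the browser not to frame their pages at all. The following Node.js check is an added example, not code from this article; it assumes the real X-Frame-Options and Content-Security-Policy frame-ancestors mechanisms (which postdate this article) and uses constructed sample responses.

```javascript
// Added example (not from the article): decide whether an HTTP response's
// headers instruct the browser to refuse rendering the page inside a frame.
// The sample responses at the bottom are constructed for illustration.

// Return the frame-ancestors source list from a CSP value, or null if absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0] && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// headers: object mapping lowercase header names to string values (as Node's
// http module exposes them). CSP frame-ancestors is checked first because
// browsers that support it give it precedence over X-Frame-Options.
function assessFramingProtection(headers) {
  const csp = headers['content-security-policy'];
  const ancestors = csp ? parseFrameAncestors(csp) : null;
  if (ancestors) {
    if (ancestors.length === 1 && ancestors[0] === "'none'") {
      return { protected: true, via: 'csp', detail: "frame-ancestors 'none'" };
    }
    if (ancestors.includes('*')) {
      return { protected: false, via: 'csp', detail: 'frame-ancestors permits any origin' };
    }
    return { protected: true, via: 'csp', detail: 'frame-ancestors ' + ancestors.join(' ') };
  }
  const xfo = headers['x-frame-options'];
  if (xfo !== undefined) {
    const value = xfo.trim().toUpperCase();
    if (value === 'DENY' || value === 'SAMEORIGIN') {
      return { protected: true, via: 'x-frame-options', detail: value };
    }
    // ALLOW-FROM was never widely implemented; a browser that does not
    // understand the value ignores the whole header, so it cannot be relied on.
    return { protected: false, via: 'x-frame-options', detail: 'unreliable value: ' + xfo.trim() };
  }
  return { protected: false, via: null, detail: 'no framing restriction sent' };
}

// Constructed sample responses: a bank that denies framing, a portal that
// allows one partner via CSP, a legacy ALLOW-FROM site, and an unprotected one.
const samples = {
  bank: { 'x-frame-options': 'DENY' },
  portal: { 'content-security-policy': "default-src 'self'; frame-ancestors 'self' https://partner.example" },
  legacy: { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  open: { 'content-type': 'text/html' },
};

function assessAll() {
  const out = {};
  for (const [name, headers] of Object.entries(samples)) out[name] = assessFramingProtection(headers);
  return out;
}
```

Run `assessAll()` to see which of the sample sites a browser would refuse to frame; only `bank` and `portal` come back protected.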
Flash apps may activate webcams and mics
Besides browsers, the bad guys can also exploit Web programs such as Adobe’s Flash player.
For instance, one proof-of-concept demonstration shows that a hacker can use the Flash player to take over a PC’s webcam and microphone. Imagine the implications of stalkers eavesdropping on your laptop’s built-in camera and mic.
Clickjacking vulnerabilities don’t stop there; attacks may also be launched via iframes by using cross-site scripting techniques.
To date, there have been no attacks in the wild, although with proof-of-concept code already out, it’s just a matter of time. (Contributing editor Mark Edwards also mentions Flash exploits in his column today.)
Can you stay safe in a clickjacking world?
Browser and plug-in vendors have joined watchdog organizations in describing what you can do to stay safe.
- Adobe: The Flash vendor has issued a patched version that will help keep you safe from Flash-based attacks. See the company’s download page. Previously, the company had posted a security advisory containing a workaround.
- Mozilla Foundation: Install Giorgio Maone’s open-source NoScript plug-in to block execution of JavaScript except for sites you approve. NoScript is free, though the vendor requests a donation. The add-on lets Firefox users designate the sites on which scripts are allowed to run and blocks JavaScript on all other sites.
- Microsoft: To date, the company has taken a noncommittal stance in regard to the clickjacking threat. Microsoft responds to questions by referring users to the company’s Security Support page.
- U.S. Computer Emergency Readiness Team (US-CERT): The agency provides a document that describes how to protect IE, Firefox, Safari, and other browsers from a range of attacks.
Even taking all of the above precautions doesn’t guarantee that your system is 100% immune to the new threat. You’ll need to become more conservative in visiting untrustworthy sites until the applications you use are made more secure.
Stay away from porn sites
These carry a wide array of malware and other dangers.
When in doubt, ask yourself whether your mom would approve of the site. However, even on sites where you could reasonably expect to be safe from such attacks, you can still be blindsided, so always think twice before you click.