Posted 10/10/08 at 10:46:57 AM by Paul Lilly

Those kooky hackers, what will they think of next? The latest fad sweeping the underground community involves a new type of attack (new in how it's being used, anyway) dubbed 'clickjacking,' whereby surfers click on seemingly harmless websites only to end up unknowingly forfeiting control of their webcam and microphone.

So far, clickjacking has been confirmed to affect Adobe's Flash player and for every major browser, such as Firefox, Internet Explorer, Opera, Safari, and yes, it affects Google's Chrome browser too.

"It is a very serious problem," said Giorgio Maone, author of the NoScript Firefox extension. "Clickjacking is a very simple attack to build, and now that the details are out, any script kid can try it successfully. There's no estimate to the number of trap sites." 

Maone went on to warn that clickjacking is impervious to signature-based scanning. Adobe has recognized the threat as being "critical" and is instructing users on how to turn off Flash access to webcams and microphones. But is it a cure all? According to Robert Hansen, CEO of SecTheory, Flash clickjacking represents but a single variant of what could turn out to be a widespread threat, and that the only real fix will be in changing existing web standards, not the individual applications themselves.

Find out how the latest version of NoScript helps Firefox users fight back against clickjacking after the jump.

Read More

Comments 

3

TAGS 

Security, webcam, hackers, clickjacking