Those kooky hackers, what will they think of next? The latest fad sweeping the underground community involves a new type of attack (new in how it's being used, anyway) dubbed 'clickjacking,' whereby surfers click on seemingly harmless websites only to end up unknowingly forfeiting control of their webcam and microphone.
So far, clickjacking has been confirmed to affect Adobe's Flash Player and every major browser, including Firefox, Internet Explorer, Opera, Safari, and yes, Google's Chrome browser too.
"It is a very serious problem," said Giorgio Maone, author of the NoScript Firefox extension. "Clickjacking is a very simple attack to build, and now that the details are out, any script kid can try it successfully. There's no estimate to the number of trap sites."
Maone went on to warn that clickjacking is impervious to signature-based scanning. Adobe has recognized the threat as being "critical" and is instructing users on how to turn off Flash access to webcams and microphones. But is it a cure-all? According to Robert Hansen, CEO of SecTheory, Flash clickjacking represents but a single variant of what could turn out to be a widespread threat, and the only real fix will be to change existing web standards, not the individual applications themselves.
Find out how the latest version of NoScript helps Firefox users fight back against clickjacking after the jump.
Two researchers, Alex Pilosov and Anton Kapela, have concocted a technique to exploit the Border Gateway Protocol (BGP), the internet's core routing protocol. They demonstrated their technique at the DefCon hacker conference in Las Vegas. The threat emanates from the innate credulity of the routing protocol: BGP is apparently designed to trust all nodes and can be exploited to redirect insane volumes of internet traffic to malevolent networks.
It can be used for spying at a truly unprecedented scale. No, we are not talking about stalking someone on Facebook but nation-state espionage. Millions of users can be exposed within moments of such an attack. A few solutions have already been propounded, but ISPs seem to be watching quietly from the sidelines.
A surge in the volume of stolen data has caused the price of hacked bank and credit card details to fall sharply, Reuters reports. According to researchers for Finjan, a Web security firm, account details with PIN codes that once sold for $100 or more might now only bring in $10 to $20. Taking their place are new types of stolen data, such as patient healthcare information that can be used to commit insurance fraud or to acquire prescription medication to sell on the black market. Other data commanding a high price now includes business information, company personnel files, and intercepted commercial emails.
Click the jump to see what new types of data are commanding a bigger premium, and why your banking institution might not always have your back.