Stop Microsoft

Miscellaneous => Programming & Networking => Topic started by: davidnix71 on 27 September 2008, 16:38

Title: new ClickJacking exploit
Post by: davidnix71 on 27 September 2008, 16:38
That affects all browsers except Lynx. I'm using Firefox with ScriptBlock for now. This is apparently so easy (and bad) no one will say what it is until Adobe tries to fix it. http://infosecurity.us/2008/05/07/firefoxs-vietnamese-language-pack-reportedley-infected-with-trojan/?p=1527

Firefox without the Vietnamese language pack, of course.

Scriptblocking loads pages much faster than Adblocking. No pop-ups or pop-unders, but that means some websites will lose money.
Title: Re: new ClickJacking exploit
Post by: Lead Head on 27 September 2008, 17:06
Yikes, seems like Adobe has been having quite a few issues lately with security.
Title: Re: new ClickJacking exploit
Post by: davidnix71 on 11 October 2008, 19:54
The Adobe approved workaround is here:

http://www.adobe.com/support/security/advisories/apsa08-08.html
Title: Re: new ClickJacking exploit
Post by: Lead Head on 11 October 2008, 20:20
Thanks for the heads up
Title: Re: new ClickJacking exploit
Post by: Calum on 14 October 2008, 15:57
so this is platform independent? or just ms windows?

also, what wanker at adobe thinks it's acceptable to state that simply not disclosing the details of a potentially exploitable piece of software somehow makes it more secure to use?

the very fact that it is known that there is a vulnerability is bad enough i would say. "more time" is never something a serious software maintainer (certainly one charging money for usage licences!) should have the luxury of when it comes to security vulnerabilities needing patched.
Title: Re: new ClickJacking exploit
Post by: davidnix71 on 15 October 2008, 02:01
The hole is not only platform independent, it's browser independent. It must have something to do with the web plugin.

Lynx is immune because it is text only. Someone else found the hole and told Adobe. Flash has too many interactive features to be truly safe.
Title: Re: new ClickJacking exploit
Post by: Lead Head on 15 October 2008, 20:54
Yikes! So this bug affects pretty much every browser with Flash and every operating system. Kind of scary how one program can manage to do that.