Posts tagged ‘click-jacking’
Searched for a cure yet again; yet again there’s none. The pain increases daily, though each night I go to bed somehow thinking it couldn’t get worse. Pray for me, to an unknown God?
Read this short & concise post by Ryan Naraine. It will take just a little clearer, maybe. It’s going to be a pain. I mean, the whole bit. However, having watched the Internet grow from nothing…it’s absolutely nothing new. Being a pain, that is, and being a security threat (like mIRC, which I haven’t even thought about for nearly 20 years).
Firefox’s NoScript add-on will disable the vulnerabilities to an extent, at least; the update earlier was from an Israeli security researcher. Cat out of the bag, the rest were revealed. What do I mean? The original researchers, Hansen and Grossman, were persuaded by Adobe not to let the secrets out until a fix was available. The second link will allow you to peruse and become paranoid, if you like.
The problem? Ever play games on, say, Pogo? Like chess? With Firefox and NoScript, you won’t. A great many of the things we take for granted on the Internet today are also implicitly security vulnerabilities. Bear in mind that nothing is actually secure at this point unless you want to go back to Morse code. Oops, that’ll be illegal soon; the telephone companies need the bandwidth.
Adobe’s released an advisory on how to fix the problem. I suggest any reader go here first. Here is some more information on it. Basically, the whole thing is a vulnerability that would allow you…to allow anyone…access to your camera and microphone, at least. I went to the Adobe site and followed the advice, even though I don’t have a camera or mike hooked up to my computer. Anything you can do to protect yourself is strongly indicated.
P.S. Bear in mind with the current economic situation that rogue programmers will have even more of an incentive. Really watch the social engineering tactics; they will rise, in my opinion. (I don’t generally use ‘newspeak’ [Aldous Huxley] as in IMHO.)
Here is an article on the click-jacking I mentioned. Patch Tuesday is coming up, and there are some patches; once again, apply them. Be aware for now that there is nothing to do to absolutely guard against the hi-jacking of your browser, which is one of the reasons I’ve repeatedly recommended both Web of Trust and Haute Secure.
P.S. Watch out for searches on Web of Trust, since they can lead directly to badware sites. I’m using that (still) rather than malware, simply because ‘malware’ sounds a bit too dignified. After all, the first exploits were simply spam with a tag or two…
When I refer to searches, I mean specifically things like the Crawler search, which simply has been under-utilized.