ClickJacking hijacks all browsers

Never heard of clickjacking before. Sounds like some fear mongering.
On google practically any article on it has something to do with this plugin.
 
Plague, pestilence, death and destruction will ensue the mere clicking of a link? C'mon.

Why is a hidden link any more dangerous than a visable link? And, anyway, why would you be clicking on a link that you can't see? Sixth sense?
 
Actually IE does not need any plugin as it does not allow cross domain scripting.
At first I thought the article was a little lean on facts, so I tried to lean more from the internet, and the guys who "discovered" the so called threat are even more frugal with actual facts that make any sense. I'm gonna write this one down as bull$hit.
 
HBee said:
Actually IE does not need any plugin as it does not allow cross domain scripting.
At first I thought the article was a little lean on facts, so I tried to lean more from the internet, and the guys who "discovered" the so called threat are even more frugal with actual facts that make any sense. I'm gonna write this one down as bull$hit.
Click to expand...

Sure bud.

Shouldn't the FF plug-in slow down browsing a bit because its monitoring everything the user does?
 
lilGr said:
Sure bud.

Shouldn't the FF plug-in slow down browsing a bit because its monitoring everything the user does?
Click to expand...

Hi

I haven't really noticed much slow down. I use the plugin to block Javascript for every site other than the ones I trust so I don't really care about the click blocking. I also don't get what all the fuss is about...
 
This technique has actually been around for a while - it's used especially on phishing sites. In it's most primitive form, an element (usually an iframe) containing a link to a potentially malicious location is placed on top of an identical looking button or clickable image element. So while the user thinks they are clicking a legitimate button or link, they are actually clicking an imposter.
 
IE might not need Jesus (seeing that it has no soul) but guarantee you it needs to be kicked out by the door just like the whole Microsoft suite
 
<moLe> said:
IE might not need Jesus (seeing that it has no soul) but guarantee you it needs to be kicked out by the door just like the whole Microsoft suite
Click to expand...
If you don't like it .. don't use it :)


But yea.. this "threat" sounds little bit limited. Yes.. I will enter my banking details after visiting a non-banking website that redirects me to my banking site. Yes... don't check for SSL etc.

Edit: Just think how many hits their website gets now with this "ClickJacking"... they are getting lots of $$ and attention..
 
Last edited:
<moLe> said:
IE might not need Jesus (seeing that it has no soul) but guarantee you it needs to be kicked out by the door just like the whole Microsoft suite
Click to expand...
With so many users that run IE everyday are you trying to fart into the wind or what ?
 
hmm ... just not into Microsoft's way of doing business hey. Maybe an irrational statement I made. Sure sometimes I get carried away and suppose this was one of those times. My sincerest apologies.. but still don't approve of the Micronopoly
 
<moLe>, what does ClickJacking have to do with Microsoft? It's obvious that you detest Microsoft but to infer that they are somehow to blame for this problem is just lame. The article clearly states that this attack or phising method effects all browsers, not jut IE.
 
Last edited:
<moLe> said:
hmm ... just not into Microsoft's way of doing business hey. Maybe an irrational statement I made. Sure sometimes I get carried away and suppose this was one of those times. My sincerest apologies.. but still don't approve of the Micronopoly
Click to expand...
I know that feeling. I don't approve of Applelopoly or Telkomopoly :p
 
Blah! said:
<moLe>, what does ClickJacking have to do with Microsoft? It's obvious that you detest Microsoft but to infer that they are somehow to blame for this problem is just lame. The article clearly states that this attack or phising method effects all browsers, not jut IE.
Click to expand...
But firefox atleast showed signs of putting in an effort to deffer these attacks
 
There will be found other ways and means to hijack browser sessions... this war is not over yet.

I have a couple of suggestions on how to apply this clickjacking, but will not post it here...
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X