All Browsers and Adobe Vulnerable to “ClickJacking”



Two security researchers were asked by Adobe corporation not to present their findings at the September 24 AppSec conference in New York. The reason: Adobe’s software contains a vulnerability that is very difficult to fix, and public disclosure would release a mass of “clickjacking” incidents on users of the Internet. According to the researchers, not only is Adobe’s software vulnerable, but so are IE, Firefox, Opera and other browsers.

In a clickjacking attack, the attacker tricks the victim into clicking on a link without realizing it. You have all probably experienced this. The most common example is the popup window where you click the X to close it, but the click actually opens a new browser session. It’s the preferred method of sleazy pop-up advertising. However, the two researchers showed how this technique could wreak havoc on workstations if the link was designed in a specific way.

The only way to protect against this is to turn off the scripting option in your browser, which in today’s world really means you can’t do anything on the Internet. So again, this is a reminder that if a message you receive is from someone not known to you, don’t open it. Don’t visit unknown web sites, and especially don’t be too curious about web sites on the “dark side” of the Internet: hacker and black hat sites.
