Clickjacking video showing an attacker taking control of a user’s Webcam and microphone

November 14, 2008

While preparing for the big Web seminar next week on “Hacking 101 for Management – How Hackers Attack your Website”, I came across this amazing Clickjacking video.

It’s the best one I’ve seen that shows how you can unknowingly grant someone full access to your Webcam and microphone. Hackers now have the potential to turn every browser into a surveillance zombie.

Want to learn more about Clickjacking? See the bullet points below for a brief summary. They will be discussed in further detail at our Web seminar event next Thursday. Sign up today.

Clickjacking Overview

- What is it?: Attackers trick victims into unknowingly clicking and invoking unwanted requests / transactions.
- Root Cause: Various current browser shortcomings (IFRAME behavior) and plug-in vulnerabilities.
- Impact: Attackers get the victim to execute unwanted requests/transactions for them, rather than having to find and exploit existing Web app vulnerabilities. This can result in a broad variety of possible exploits.
- Solution: Because Clickjacking attack variants differ so widely, a number of different remediation steps should be considered, such as “frame busting” code, CSRF remediation steps, and temporarily disabling vulnerable plug-ins until fixed versions become available.

by Lars Ewe, CTO, Lars@cenzic.com
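
One form of the “frame busting” code named under Solution, added here as an example rather than code from the original post; the function names and the `antiClickjack` style id are assumptions. It keeps the page hidden by default and reveals it only when the page is the top-level window.

```javascript
// Added example: script-based frame busting that fails closed.
// Assumption: the page <head> contains
//   <style id="antiClickjack">body { display: none !important; }</style>
// so nothing is clickable until this script confirms the page is top-level.

// True when `win` is rendered inside a frame rather than as the top window.
function isFramed(win) {
  try {
    return win.top !== win.self;
  } catch (e) {
    return true; // comparison failed: assume framed
  }
}

// Reveals the page only when it is top-level; otherwise keeps it hidden and
// asks the top window to navigate to this page. Returns the resulting state.
function applyFrameDefense(win, doc) {
  if (isFramed(win)) {
    try {
      win.top.location = win.self.location.href;
    } catch (e) {
      // The framing page may block navigation; content stays hidden anyway.
    }
    return "hidden";
  }
  const guard = doc.getElementById("antiClickjack");
  if (guard && guard.parentNode) {
    guard.parentNode.removeChild(guard);
  }
  return "visible";
}

// Run in a browser; skipped where there is no DOM.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  applyFrameDefense(window, document);
}
```

Because the content starts hidden, a framing page that blocks the navigation attempt still gets nothing for the victim to click on.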