[Infowarrior] - Adobe warns Clickjackers could take over your web cam
Richard Forno
rforno at infowarrior.org
Thu Oct 9 12:19:40 UTC 2008
Adobe warns Clickjackers could take over your web cam
Put some clothes on, at least
http://www.theinquirer.net/gb/inquirer/news/2008/10/09/clickjacking
By Emma Hughes: Thursday, 09 October 2008, 11:12 AM
YOU'VE HEARD of "hijacking" and more certainly the word "click", but
you may not have heard of the most ridiculous word blend of the day,
"clickjacking". But you should be very afraid.
The big red alarm has been sounded, as clickjacking - a malicious
attack on web servers - is spreading, and spreading fast, insecurity
fear-mongers are warning.
The clickjacking technique is yet another simple but ingenious way of
revealing all to a prying hacker.
This attack works by directing a user to a pre-determined webpage
chosen by the hacker when the user clicks on a seemingly innocent
link. The hacker is able to gain control of any number of things this
way, including the webcam and the microphone.
Clickjacking (we'll keep repeating it so it sounds real) has been
identified as a vulnerability on many browsers, namely Adobe Flash
Player, Firefox, Internet Explorer, Opera, Safari and Google Chrome.
Giorgio Maone, author of the Firefox extension NoScript, told Newsfactor,
"Clickjacking is a very simple attack to build, and now that the
details are out, any script kid can try it successfully."
Maone further laments that unfortunately there is no way of tracking
just how many of these attacks are out there, as there are infinite
ways to implement such an attack.
Clickjacking was supposed to have been revealed last month at the Open
Web Application Security Project NYC AppSec conference by Robert
Hansen of SecTheory and Jeremiah Grossman of WhiteHat Security, who
discovered but concealed this threat, giving Adobe and other browsers a
chance to come up with a fix.
However, a fix they did not find. Adobe has instead released security
information for its Flash Player which blocks access to the webcam and
camera, but due to the many variants of this attack it is seemingly
impossible to deter altogether.
If someone does manage to come up with a general browser fix, it won't
be any time soon, predicts Maone. µ