Slashdot Mirror


Alarm Raised For "Clickjacking" Browser Exploit

Shipment Date writes "ZDNet's Zero Day blog has some new information on what looks like a scary new browser exploit/threat affecting all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash. The threat, called Clickjacking, was to be discussed at the OWASP conference but was nixed at the last minute at the request of affected vendors. From the article: 'In a nutshell, it's when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you.'"

32 of 308 comments

  1. Hurray for us lynx users! by Anonymous Coward · · Score: 5, Funny

    *crickets*

    1. Re:Hurray for us lynx users! by davester666 · · Score: 2, Funny

      Yes, if you use lynx, you get textjack'ed instead...

      --
      Sleep your way to a whiter smile...date a dentist!
    2. Re:Hurray for us lynx users! by Adambomb · · Score: 4, Funny

      Or Holdingdownholdingdownholdingdowncrapupupupenter-jacked.

      --
      Ice Cream has no bones.
  2. Go Lynx! by ag3ntugly · · Score: 2, Funny

    I knew there was a reason I liked lynx

    --
    i have a roll of electrical tape.
  3. The first thing I thought of by Anonymous Coward · · Score: 4, Funny

    was some weird mouse-mastubation scenario. *shudders*

    1. Re:The first thing I thought of by couchslug · · Score: 2, Funny

      "The first thing I thought of was some weird mouse-mastubation scenario."

      "Mastubation"?? I'm picturing small rodents with catheters....

      Even my capybara Lemmiwinks thinks THAT is sick.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  4. Never gonna... by null etc. · · Score: 4, Funny

    Oh great. Expect a resurgence in rickrolls. No one can protect you!

    1. Re:Never gonna... by nine-times · · Score: 2, Funny

      With all the horrible things on the Internet, you're worried about rickrolls? Have some priorities.

      We're all going to end up seeing goatse.cx again.

    2. Re:Never gonna... by Joe Snipe · · Score: 4, Funny

      We're all going to end up seeing goatse.cx again.

      yeah but now it will have Rick Astley playing in the background...

      --
      Sometimes, life itself is sarcasm...
    3. Re:Never gonna... by Kvasio · · Score: 2, Funny

      yeah but now it will have Rick Astley playing in the background...

      Do you mean his music or that Rick will be on "giver.jpg" this time?

    4. Re:Never gonna... by uxr · · Score: 1, Funny

      We're all going to end up seeing goatse.cx again.

      So it's just going to redirect me to my homepage?

  5. Thank Jeebus! by Anonymous Coward · · Score: 5, Funny

    Finally I have a legitimate excuse for all the pr0n sites that are in my browser history. No honey, it isn't me, it's a browsers exploit! I swear!

    1. Re:Thank Jeebus! by Roberticus · · Score: 5, Funny

      Finally I have a legitimate excuse for all the pr0n sites that are in my browser history. No honey, it isn't me, it's a browsers exploit! I swear!

      I don't know how things work for you, but saying that I just got clickjacked is only going to get me into more trouble, not less.

  6. Re:Information by eln · · Score: 5, Funny

    It's very similar to the DNS issue from a couple of months back: It's a hugely scary thing that will doom the Internet, but because we're responsible we can't tell you what it is in any detail. However, if you don't patch your browser immediately (patch not yet available), you are fucked.

    Have a nice day.

  7. didn't click by big whiffer · · Score: 4, Funny

    i didn't even click on this story; someone must want me to read this...

  8. Re:Konqueror? by eln · · Score: 4, Funny

    The summary clearly states that only lynx is not affected. It's pretty obvious what's going on here: the exploit is a nefarious plot to make everyone switch over to lynx, thereby crippling the non-text-based porn industry.

  9. Re:Konqueror? by moderatorrater · · Score: 4, Funny

    I knew that sticking with ASCII porn would pay off someday.

  10. zomg Flash is insecure by RockMFR · · Score: 2, Funny

    Details at 11.

  11. DETAILS OF THE EXPLOIT! by Anonymous Coward · · Score: 1, Funny

    The exploit was first discovered at about 7:30 am after blogger Ryan Naraine's boss noted several "odd" adult sites appeared in Mister Naraine's browser history.

    So far, the exploit seems confined to browsers on Mr. Naraine's desktop, so users of affected browsers are urged to apply all public OS/browser patches and to stay away from Ryan's desktop.

  12. Re:Information by Kaptainkid · · Score: 5, Funny

    For additional support information. Click this link. LOL

  13. Re:Information by AaxelB · · Score: 2, Funny

    And, suspiciously, TFA itself is hidden behind a link! Do they really expect us to click it??

    ...I did click it. What a useless article.

    It's a fundamental flaw with the way your browser works and cannot be fixed with a simple patch.

    Oh no! There's nothing we can do!

    In the meantime, the only fix is to disable browser scripting and plugins.

    Uh... wha? I thought it didn't have to do with browser scripting and plugins?

    So it's big and scary and you can't protect against it, except by taking basic precautions to protect yourself against it. I see.

  14. Re:Information by HikingStick · · Score: 4, Funny

    You mean like the way the new Slashdot interface causes a lot of the comments to overlap, so you think you're clicking on that +3 Interesting one and you end up clicking a -1 Troll on the RNC veep candidate in a bikini...except much worse, I mean.

    --
    I use irony whenever I can, but my shirts are still wrinkled...
  15. Re:Bullshit? by Anonymous Coward · · Score: 1, Funny

    Don't trust that link!

  16. Re:Information by lysergic.acid · · Score: 5, Funny

    i still don't get it. could you give an analogy involving cars?

  17. Re:Information by Hatta · · Score: 2, Funny

    Sounds like our economy right about now.

    --
    Give me Classic Slashdot or give me death!
  18. Flashbock? by Stanistani · · Score: 2, Funny

    Is that a crisp, clean Adobe lager with a nice finish?

  19. Emergency Transfer Of Funds Required by jeff_schiller · · Score: 2, Funny

    I recommend immediately that $700B be transferred to the browser companies to fix this problem. Furthermore, we must transfer this money by end of the week with no strings attached.

  20. That's not Lynx! by Anonymous Coward · · Score: 1, Funny

    That's Google's first browser :-)

    http://googlesystem.blogspot.com/2006/03/google-browser.html

  21. Re:Konqueror? by Anonymous Coward · · Score: 1, Funny

    "sticking"

    TMI

  22. Re:Information by Cousin Scuzzy · · Score: 5, Funny

    Better? :-P

    Well, that's better than simply turning on the radio when you needed to eject.

  23. Re:Turn to Lynx? by Anonymous Coward · · Score: 5, Funny

    I hate to burst your bubble, but it does not mean I'm 12. It means that I'm older than sin.

    You young'uns these days just don't understand anything that has a black rope coming out the back. It's got to be all "txtm3 or gtfo". 4COL. Well, @TEOTD I have a message for you, young man! GOML* and GAL! --AKAIB

    * Get Off My Lawn

  24. Re:Information by Anonymous Coward · · Score: 1, Funny

    HikingStick says: " ... and you end up clicking a -1 Troll on the RNC veep candidate in a bikini...except much worse ..."

    You mean DNC veep Joe Biden in a bikini?