Re: [PLUG] Anyone know anything about clickjacking?
On Fri, Sep 26, 2008 at 11:52 AM, Michael Leone <turgon@mike-leone.com> wrote:
> On Fri, Sep 26, 2008 at 11:43 AM, K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
>> http://blogs.zdnet.com/security/?p=1972&tag=nl.e539
>> http://blogs.zdnet.com/security/?p=1733
>>
>> As advertised, the link to the proof of concept in the latter URL put
>> something in my (up to date Kubuntu 8.04 FF3) KDE clipboard.
>
> Using the "NoScript" plugin on FF3.02 on Windows with the 'Disallow
> IFRAME' option set did *not* allow anything to execute at the
> proof-of-concept site ... don't have a Linux box here at work to try
> that out on ...

Well, I went to that site and nothing happened with my Linux-based FF2
+ NoScript. So for fun, I clicked on the Flash object (which is not my
normal behavior) and yups, I got http://www.evil.com in FF's
clipboard. While this did hijack the middle click, after I selected text
elsewhere I was able to paste that in. Standard copy paste is busted
until you close that browser window.

The text below is proof that I am able to select and paste via middle
click (well, assuming you believe me).

Well, I went to that site and nothing happened with my Linux-based FF2
+ NoScript. So for fun, I clicked on the Flash object (which is not my
normal behavior) and yups, I got http://www.evil.com in FF's
clipboard. While this did hijack the middle click, after I selected text
elsewhere I was able to paste that in.

Interesting stuff. Even more reason to not view Flash objects and
default deny advertising. Yay for NoScript.

Amul
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug