English Deutsch Español Français Italiano Portuguese Čeština Ελληνικά 中文(简体) 中文 (繁體) Tiếng Việt 日本語 ภาษาไทย Русский Български Nederlands Polski Svenska Norsk Dansk Suomi

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

SPAMfighter is

Microsoft Gold Certified Partner

SPAMfighter also

Works with Windows Vista

SPAMfighter Exchange Module is Microsoft certified ".net connected".

Microsoft .NET Connected

New Browser Vulnerabilities -“Clickjacking” Pose Fresh Web Threats

Security researchers warned on September 26, 2008 that a recently identified category of vulnerabilities named "clickjacking" could put users at risk while they surfing on any major browser. For instance, the security flaw could affect Microsoft's Internet Explorer, Apple's Safari, Mozilla's Firefox, Google's Chrome, and Opera and no patch is available for it.

The agency to first warn against the clickjacking method was US-CERT. Security specialists state that in clickjacking attacks, the attacker gets its victim to click on a malicious link while the user remains unaware of it.

According to Jeremiah Grossman, Founder and CTO of WhiteHat Security, US-CERT, clickjacking enables an attacker to deceive user into double-clicking on something that is scarcely or temporarily noticeable. Thus, if an end-user opens a Web page, he may be clicking on something malicious from a different page, as reported by InformationWeek on September 26, 2008.

Furthermore, people have been aware of this kind of attack for years, but it had never been regarded as particularly dangerous. Security specialists had thought that it could be employed to commit 'click fraud', or to inflate 'Digg' ratings pertaining to an Internet page.

According to Robert Hansen, Founder and CEO of SecTheory LLC, and one of the two security researchers who talked in detail about the bug at OWASP AppSec 2008 on September 24, 2008, although the clickjacking issue has been linked to browsers, it is far more severe, as reported by ComputerWorld on September 26, 2008.

Hansen further stated that clickjacking resembled 'cross-site request forgery', a known security flaw and attack, also denoted as CSRF or referred to as "sidejacking". However, clickjacking is different from the existing anti-CSRF security provisions packaged with browsers, Web applications and sites.

Hansen also noted that the flaw affects nearly everyone at an elevated level. It works quite differently and is associated with many wide-reaching problems, he said. Attackers in clickjacking technique can trick users into clicking a link they might fail to get the same users to open a link in JavaScript, Hansen added.

» SPAMfighter News - 06-10-2008

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail and Thunderbird - Read more

Slow PC? Try SLOW-PCfighter

Optimize your Slow PC for better performance. Try FREE scan now.

 

Exchange spam filter

SPAMfighter Exchange Module is a spam/virus filter for Exchange server - Free 30 days trial

 

Spyware remover

Remove Spyware with SPYWAREfighter - Free 30 days trial

<<<>>>