Clickjacking is not exactly unknown, though it is one of the few security threats for which there is almost no defense - at least according to Jeremiah Grossman and Robert Hansen, who discovered the "fundamental flaw" and planned to discuss it at the Open Web Application Security Project (OWASP) this week in New York.
"At the time, we believed our discoveries were more in line with generic Web browser behavior, not traditional 'exploits,' and that guarding against Clickjacking was largely the browser vendors' responsibility," writes Grossman, but once it was discovered that the same exploit can affect Adobe products, Adobe requested they cancel the discussion. Unfortunately, this means that no one outside "a few industry colleagues" (Grossman) knows what, exactly, this means - or even is!
Clickjacking is an exploit which forces surfers to "click" on a URL, often hidden or partially visible only for a moment. While details are fuzzy, this much is clear: clickjacking is not a traditional redirect by any method (.htaccess, 301, etc.); if I understand correctly, in order for the user's browser to be clickjacked, the user must click on something on the affected page. The "jacking" comes in there, when the browser is directed to a URL the user/website had not intended as the target.
At this time, the exploit apparently affects all browsers, except very basic, text-based browsers (such as Lynx) - and at least one Adobe product. Grossman and company say the browser companies are at 0-day; they must correct the "fundamental flaw" within the software, as the only other option would be for all webmasters to update all websites (and, I assume, all pages within them)! Even then, browser manufacturers would still need to upgrade their coding.
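The post frames the problem as one only browser vendors can fix. The check below is an added example, not from the post or from Grossman and Hansen: it evaluates whether a response's headers tell a browser to refuse rendering the page inside another site's frame, using the real X-Frame-Options and Content-Security-Policy frame-ancestors mechanisms that browsers adopted after this post was written. The header sets at the bottom are constructed samples.

```python
"""Classify a response's framing policy from its headers (added example).
Header names are the real X-Frame-Options and Content-Security-Policy
headers; the sample header dictionaries below are constructed."""
from typing import Dict, Tuple


def framing_policy(headers: Dict[str, str]) -> Tuple[str, str]:
    """Return (verdict, reason) where verdict is one of
    'blocked', 'same-origin-only', 'allow-listed' or 'unprotected'.
    Header lookup is case-insensitive. When both headers are present,
    CSP frame-ancestors wins, which is how current browsers resolve it."""
    h = {k.lower(): v for k, v in headers.items()}

    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if sources == ["none"]:
                return "blocked", "CSP frame-ancestors 'none'"
            if sources == ["self"]:
                return "same-origin-only", "CSP frame-ancestors 'self'"
            if sources:
                return "allow-listed", "CSP frame-ancestors " + " ".join(sources)
            # An empty source list matches no origin, so framing is refused.
            return "blocked", "CSP frame-ancestors with no sources"

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked", "X-Frame-Options: DENY"
    if xfo == "SAMEORIGIN":
        return "same-origin-only", "X-Frame-Options: SAMEORIGIN"
    if xfo.startswith("ALLOW-FROM"):
        # Obsolete form; several browsers never honored it, so treat with care.
        return "allow-listed", "X-Frame-Options: ALLOW-FROM (obsolete)"
    return "unprotected", "no framing restriction; any site may frame this page"


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = {
        "legacy app": {},
        "xfo only": {"X-Frame-Options": "SAMEORIGIN"},
        "csp and xfo": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                        "X-Frame-Options": "SAMEORIGIN"},
        "partner embed": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    }
    for name, hdrs in samples.items():
        verdict, why = framing_policy(hdrs)
        print(f"{name:14s} {verdict:17s} {why}")
```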
© C Harris Lynn, 2008
Friday, September 26, 2008
Thursday, September 18, 2008
Anonymous Hacks Palin
The group, Anonymous, has claimed responsibility for the hacking of Governor (and VP candidate) Sarah Palin's personal Yahoo account. Anonymous launched an earlier attack on the Church of Scientology.
The group released personal photos, Palin's address book, and select e-mails. Palin is under investigation for abuse of authority while in power as governor of Alaska. At least one e-mail indicates she had personal contact with political allies.
Per law, any e-mail correspondence regarding official matters is to be archived and not deleted; personal accounts are free from this restriction. The group may have been trying to make public information which would implicate Palin using her personal account(s) for job-related matters, which would violate this law.
Interestingly, Palin's "personal" accounts were "gov.sarah" and "gov.palin." Both accounts have since been confirmed as disabled/deleted.
© C Harris Lynn, 2008
Friday, September 12, 2008
The Ball (No, the OTHER One)
Well, I could offer up excuses, but the truth is that I have been under the weather lately and things have just not been going my way. That tends to happen when you are a longhair, living amongst Fundamentalist Christians whose hillbilly ways have led them to believe that Separatism is God's Plan and so forth.
I have simply not felt like doing much more than I have lately and I will not sit here and tell you that anything is likely to change anytime soon. I talked about The Cyberculturalist for months before I decided to actually do it and kept telling everyone that I just didn't have the time; the only reason I did it was so no one else stole the idea; I knew then I did not have the time for it.
But, rest assured, it is set to be a major component of the site, which - as some sci-fi fans are aware - is an allusion to a philosophy, a way of life, as presented in Frank Herbert's Dune books. All I am asking is that you bear with me for a while and let me get it all together.
Thanks!
© C Harris Lynn, 2008
Sunday, September 7, 2008
Back to Business Soon
Yet another "soon" post, I'm afraid, but I just wanted to drop by so you know I haven't forgotten you or The Cyberculturalist. Everything is fine and the blog is not going to be abandoned or anything like that, I am just dealing with some immediate personal issues (Decatur County, TN is notoriously corrupt and I am having to write a lot of letters to a lot of officials in an attempt to get this shit to cease and desist!) and trying to get more of the website online so I can start the arduous task of promoting it.
I am still collecting stories to bring you, so once things do get back to normal, there will most likely be a slew of stuff you have already read (even forgotten about by then!), but I'll have my personal take on them and relate them to other stuff you might not have considered - as always - so hopefully you'll find them worth reading.
In the meanwhile, enjoy the rest of the site and what little there is in the archives.
© C Harris Lynn, 2008