Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi,
I was undergoing a security related training and the instructor mentioned an attack using an browser vulnerability/exploit called 'Clickjacking'
Man ... It was some really scary stuff that he demonstrated.
The malicious script simply takes hold of ur machines clipboard and never releases it. The only way out after clicking on a link or a simple mouse over (yes - it takes only that much to get infected!) is to reboot ur PC.
People ... Look up 'Clickjacking' on google. Better armed with knowledge than sorry!
# Improved usability and unobtrusivity of the unique ClearClick anti-Clickjacking technology, disabling user interaction with partially obstructed or not clearly visible embedded objects. Enabled by default on untrusted pages, you can configure it to work on trusted pages as well in NoScript Options|Plugins.
# New Forbid <FRAME> option for cross-site legacy frames, independent from Forbid <IFRAME>. Not to weaken IFRAME protection, legacy cross-site frames which are nested inside same-site IFRAMEs are blocked anyway.
Hi,
I was undergoing a security related training and the instructor mentioned an attack using an browser vulnerability/exploit called 'Clickjacking'
Man ... It was some really scary stuff that he demonstrated.
The malicious script simply takes hold of ur machines clipboard and never releases it. The only way out after clicking on a link or a simple mouse over (yes - it takes only that much to get infected!) is to reboot ur PC.
People ... Look up 'Clickjacking' on google. Better armed with knowledge than sorry!
Could it be that you're confusing two completely separate vulnerabilities? What you have described above sounds more like an old Flash plugin vulnerability - not clickjacking. Clickjacking doesn't require Flash at all (or even JavaScript, for that matter). BTW, a heads-up about clickjacking was posted on our Mozilla Firefox Vulns thread last month.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.