DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
October 08, 2008
'Clickjackers' could hijack Webcams, microphones, Adobe warns
Adobe Systems Inc. warned users Tuesday that hackers could use recently-reported "clickjacking" attack tactics to secretly turn on a computer's microphone and Web camera.
Flash on all platforms is susceptible to clickjacking attacks, Adobe said in an advisory posted Tuesday. By duping users into visiting a malicious Web site, hackers could hijack seemingly-innocent clicks that, in reality, would be used to grant the site access to the computer's Webcam and microphone without the user's knowledge.
"This potential 'Clickjacking' browser issue affects Adobe Flash Player's microphone and camera access dialog," acknowledged David Lenoe, the company's security program manager, in a post to Adobe's security blog.
Although a patch is not ready -- Lenoe said one would be issued by the end of October -- Adobe's advisory listed steps users can take immediately to block Webcam and microphone hijacking. Adobe recommended that users access Flash's Settings Manager using a browser to select the "Always deny" option.
Adobe rated the vulnerability as "critical," its highest threat ranking.
According to Robert Hansen, one of the two security researchers who first raised the warning about clickjacking last month, Adobe will patch the bug in Flash 10, which already has been pegged for other fixes, including a flaw that's been used by attackers for over a month to poison clipboards with URLs to malicious sites.
Hansen noted that Macs are particularly vulnerable to the Flash clickjacking attack, since all recent Apple notebooks and desktop systems include built-in cameras and microphones.
At the same time that Adobe posted its advisory, it gave Hansen and his research partner, Jeremiah Grossman, the green light to reveal clickjacking details that they had kept confidential at Adobe's request.
Hansen posted a long entry to his blog that spelled out a dozen different clickjacking attack scenarios. Two weeks ago, when they provided only a general description of clickjacking, Hansen stressed that it was not a single exploit, but a new class of exploits.
He hammered that theme again on Tuesday. "There are multiple variants of clickjacking," Hansen said in his blog post. "Some of it requires cross-domain access, some doesn't. Some overlays entire pages over a page, some uses iframes to get you to click on one spot. Some requires JavaScript, some doesn't. Some variants use [cross-site request forgery] to pre-load data in forms, some don't."
Source: ComputerWorld
All news for November, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
