Adobe Bowed Out!!!
September 2008
Adobe yanks speech exposing critical ‘clickjacking’ vulnerabilities. Two prominent security researchers have pulled a scheduled talk that was to demonstrate critical holes affecting anyone who uses a browser to surf the web. They say they planned to demonstrate serious “clickjacking” vulnerabilities involving every major browser during a presentation scheduled for September 24 at OWASP’s AppSec 2008 Conference in New York. They canceled their talk at the request of Adobe, one of the developers whose software is vulnerable to the weakness, they say. The pair planned to disclose flaws in the architecture of all of today’s web browsers that allow malicious websites to control the links visitors click on. Once lured to a fraudulent address, a user may think he’s clicking on a link that leads to Google – when in fact it takes him to a money transfer page, a banner add that is part of a click-fraud scheme, or any other destination the attacker chooses. The technique can also forge the address that appears on a status bar at the bottom of a web browser, so even those who are careful to check referring address before clicking can be tricked, one researcher says.
Adobe yanks speech exposing critical ‘clickjacking’ vulnerabilities. Two prominent security researchers have pulled a scheduled talk that was to demonstrate critical holes affecting anyone who uses a browser to surf the web. They say they planned to demonstrate serious “clickjacking” vulnerabilities involving every major browser during a presentation scheduled for September 24 at OWASP’s AppSec 2008 Conference in New York. They canceled their talk at the request of Adobe, one of the developers whose software is vulnerable to the weakness, they say. The pair planned to disclose flaws in the architecture of all of today’s web browsers that allow malicious websites to control the links visitors click on. Once lured to a fraudulent address, a user may think he’s clicking on a link that leads to Google – when in fact it takes him to a money transfer page, a banner add that is part of a click-fraud scheme, or any other destination the attacker chooses. The technique can also forge the address that appears on a status bar at the bottom of a web browser, so even those who are careful to check referring address before clicking can be tricked, one researcher says.
posted by arkietechs at 6:24 AM
0 Comments:
Post a Comment
<< Home