HitChrome

If you think your computer is attack-proof merely because you had the latest and licensed antivirus software, it is time to worry. Clickjacking, has come to light and has caused enough anxiety among the security researchers, a new browser vulnerability.

The worrying fact is that none of the popular browsers, including the newly launched Google Chrome, besides Internet Explorer, Firefox, Safari and Opera are free from this exploit. The only browser which is reported to be immune to this attack is the lesser-known Lynx which incidentally is a text-only browser.

A security advisory issued by Adobe with regard to its Flash Player states that it could be subject to clickjacking attacks and hijack webcams as well. Clickjacking enables an attacker to force a user click on an invisible link, obviously without his knowledge or consent. Once a user clicks the link unknowingly, the hacker takes over the control.

When you might think you are clicking on your bank funds transfer link, or saving a favourite link at Digg, or Facebook application, the reality could be entirely different, and dark.

So if you havn’t heard of it, it looks like a variant of the clickjacking vulnerability was outed before Rsnake and Jeremiah Grossman could present it publicly. An attack can invisibly hover these virtual buttons below the users’ mouse, so that when they click on something they visually see, they actually are clicking on something else the attacker wants them to, security experts have reported the vulnerability. Read the rest of this entry »