ClickJacking... Scary stuff...

Thanks for the heads up, Michael!

So I went over and read the article.

Then read a ton of the comments.

Got confused.

Installed NoScript anyway.

NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction

Good video here, too:



-----------------------------

There are (obviously!) some uber tech geeks on sites like ZDNet.

Sure, like any other place in InternetLand, there are people who don't know what they're talking about, but several posters in the "Comments" areas (a couple of threads are sort of interlinked) make good points.

For example, a couple of people lambaste the main article for being vague, asking "What, exactly, is this all about, then? And why do I need to worry? What's the big deal?"

And from my reading, I tend to agree. I can see that there's obviously an exploit, but the article didn't really make it clear to me just how malicious it could be.

I kind of feel the same as the poster of this thread:

Clickjacking: Researchers raise alert for scary new cross-browser exploit | TalkBack on ZDNet

Any techhead Warriors wanna spell it out for a bonehead?

-----------------------------

Some interesting comments in the threads:

Re: Flash being the problem...

Adobe Flash ads launching clipboard hijack attack | TalkBack on ZDNet

The video, above, shows you how to configure NoScript to deny Flash.

The thing I gleaned from a couple of the comments I read was that this browser hijack has happened through Flash banner ads on what might be considered trusted sites, such as Digg and CNN. So I'm wondering about the whitelisting option and whether it's effective.

Here's an example of several comments reitterating this point:
Clickjacking: Researchers raise alert for scary new cross-browser exploit | TalkBack on ZDNet

Obviously it's going to MORE effective in the sense that if you show up at some random page that you've never been to before, you don't know what you're going to find there and this will reduce the risk. For example, it could potentially be a domain that's been hijacked or simply an expired domain that previously had lots of traffic from inbound links and which has been purchased and loaded with Flash banners for porn sites or whatever.

In this case, if you deny Flash from running you're going to be safer.

And, I guess, any Flash content that you REALLY want to watch, you have to either decide if you want to Whitelist that site for good or choose the "Temporarily allow [site]" from the NoScript pop-up bar (as seen in the video, above).


Re: Admin priviledges

Firefox NoScript vs Clickjacking | TalkBack on ZDNet

The author of this post has made some very knowledgabe comments on this issue. I don't understand this one, though. I tried to do some digging, but didn't turn up much.

If someone here understands this, how about posting to help us out?

Cheers!

Further quick question for existing NoScript users: Is there something I'm missing in the Options? Kern just sent out a vid. I clicked through. It obviously wouldn't show coz the default in NoScript is to not allow Flash. No problem. I click the icon. I select "Temporarily allow this site". No change. Can't for the life of me get that vid to run. Watched it in IE. Any ideas?

Surfing the web without flash and javascript?

Might as well unplug the computer and read a book.

At any rate I do not see the major issue...

What does it reach beyond them being able to make you click links if you visit a bad guy's page?

Can these links then "get you?"

I've been using ABP and Flash block for firefox. Surfing the internet feels so much cleaner and faster using these tools.

ABP and Flash block eh? Gotta try it. Like Josh, I don't really understand the threat, but I'm not taking any chances anyway. Thanks for the heads up.