9.26.2008

Clickjacking - solved before the skript kiddies can mount an offense!

Some of you have undoubtedly heard about the new zero hour clickjack attack. If you don't already have NoScript (and Adblock Plus) installed, what are you thinking? Go to the Firefox add-on web site https://addons.mozilla.org/en-US/firefox/ and install it / them. Direct from the makers of NoScript for Firefox, here's how to lock down the vulnerability to keep yourself safe:

NoScript covers the most dangerous clickjacking attacks in its default configuration.

NoScript covers 100% on untrusted pages if you've got all the Plugins|Forbid... options checked (the only one which is not checked by default is Forbid IFRAME).

If you want protection also on trusted pages (which would need to be seriously compromised to be used as an attack vector) you just need to check Plugins|Apply these restriction to trusted sites as well.

I know exactly how the attack works but I can't tell you more than this, because Fx+NoScript is the only way to effectively protect yourself and we can't force everybody to convert ;)