Twitter attack exposes awesome power of clickjacking

Discussion in 'Computer Security' started by ~BD~, Feb 16, 2009.

  1. ~BD~

    ~BD~ Guest

    Quote:

    A worm that forced a wave of people to unintentionally broadcast messages on
    microblogging site Twitter shows the potential of a vulnerability known as
    clickjacking to dupe large numbers of internet users into installing malware
    or visiting malicious pages without any clue they're being attacked.

    The outbreak was touched off by tweets that led Twitter readers to a button
    labeled "Don't click." Gullible users (including your reporter) who clicked
    on the button automatically posted messages that posted yet more tweets
    advertising the link. The attacks persisted even after Twitter added
    countermeasures to its site and proclaimed the issued fixed.

    The attack exploited a vulnerability at the core of the web that allows
    webmasters to trick users into clicking on one link even though the
    underlying HTML code appears to show it leads elsewhere. The so-called
    clickjacking exploit is pulled off by superimposing an invisible iframe over
    a button or link. Virtually every website and browser is susceptible to the
    technique. Technical details are available here.

    http://www.theregister.co.uk/2009/02/13/twitter_clickjack_attack/
     
    ~BD~, Feb 16, 2009
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.