There is not a lot of good information available at this time.  From the 
US-CERT, "Disabling IFRAMEs, active content, and plug-ins by default, as 
outlined in the Securing Your Web Browser document, may protect against the 
vulnerability. Note, disabling IFRAMES, active content, and plug-ins may 
reduce the functionality of some websites."  This also turns off a good deal  
of the functionality found in modern browsers and may or may not be an option.

The real fix for this will have to come in the form of browser patches.

Joe
--
Joe Budzyn                               [log in to unmask]
301 Computer Center                      Ph: (517) 432-7448
Michigan State University
East Lansing, MI 48824

On Wed, Oct 08, 2008 at 01:49:23PM -0400, Lee Duynslager wrote:
> Is anybody out there conversant on click jacking vulnerabilities?
> 
>  --US-CERT Issues Warning on Clickjacking (September 26 & 29, 2008) Concerns
> about clickjacking, a cross-platform browser attack technique, have prompted
> the US Computer Emergency Readiness Team (US-CERT) to issue a warning.
> Until a fix is available, users can protect themselves by disabling
> scripting and plug-ins in their browsers.
> The researchers who discovered the clickjacking vulnerability had planned to
> present their findings at a conference in September, but grew concerned
> about the technique's severity and chose to notify vendors and allow them
> time to develop fixes.
> http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=210604261
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9115818&source=rss_topic17
> http://www.us-cert.gov/current/index.html#multiple_web_browsers_affected_by
> 
> http://ha.ckers.org/blog/20081007/clickjacking-details/
> 
> Source:  SANS NewsBites Vol. 10 Num. 78
> 
> 
> If so what conclusion did you come to and what did you recommend that your
> users do?
> 
> Maybe the university's Info Sec Rep could chime in on this one?
> 
> 
> LD