NoScript now stymies new class of exploits by revealing secret content
(Computerworld) A popular Firefox add-on designed to block scripts and plug-ins has been updated to stymie the new "clickjacking" class of attacks, the extension's developer said today.
The latest version of NoScript, a free extension for Mozilla Corp.'s Firefox browser, now boasts something that Italian developer and security researcher Giorgio Maone calls "ClearClick" to protect users from clickjacking attacks.
"Rather than relying on frame/plug-in blocking, which were already available, I decided to move on and add a brand new feature, developed from scratch, for people who couldn't bear blocking frames outright," said Maone in an interview conducted via instant messaging.
In a blog post earlier this week, Maone spelled out what ClearClick does in greater detail. "Whenever you click or otherwise interact, through your mouse or your keyboard, with an embedded element which is partially obstructed, transparent or otherwise disguised, NoScript prevents the interaction from completing and reveals [to] you the real thing in 'clear,'" he said.
At that point, users can decide for themselves whether to continue clicking, or free up the mouse from the underlying -- and potentially exploitive -- content.
Clickjacking, which was coined just last month by a pair of American researchers -- Robert Hansen of SecTheory LLC and Jeremiah Grossman of WhiteHat ...............
More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9116800&source=NLT_PM&nlid=8
(Computerworld) A popular Firefox add-on designed to block scripts and plug-ins has been updated to stymie the new "clickjacking" class of attacks, the extension's developer said today.
The latest version of NoScript, a free extension for Mozilla Corp.'s Firefox browser, now boasts something that Italian developer and security researcher Giorgio Maone calls "ClearClick" to protect users from clickjacking attacks.
"Rather than relying on frame/plug-in blocking, which were already available, I decided to move on and add a brand new feature, developed from scratch, for people who couldn't bear blocking frames outright," said Maone in an interview conducted via instant messaging.
In a blog post earlier this week, Maone spelled out what ClearClick does in greater detail. "Whenever you click or otherwise interact, through your mouse or your keyboard, with an embedded element which is partially obstructed, transparent or otherwise disguised, NoScript prevents the interaction from completing and reveals [to] you the real thing in 'clear,'" he said.
At that point, users can decide for themselves whether to continue clicking, or free up the mouse from the underlying -- and potentially exploitive -- content.
Clickjacking, which was coined just last month by a pair of American researchers -- Robert Hansen of SecTheory LLC and Jeremiah Grossman of WhiteHat ...............
More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9116800&source=NLT_PM&nlid=8