Underscoring the severity of a new class of vulnerability known as clickjacking, a blogger has created a proof-of-concept game that uses a PC's video cam and microphone to secretly spy on the player. The demo, which is available here, appears to be a simple game that tests how quickly a user can click on a series of moving targets. Behind the scenes, it combines a generic clickjacking attack with weaknesses in Adobe's Flash technology to record the player using the PC's video camera and microphone.The proof of concept is a powerful demonstration of the spooky implications behind clickjacking. The vulnerability allows malicious webmasters to control the links visitors click on. Once lured to a booby-trapped page, a user may think he's clicking on a link that leads to Google - when in fact it takes him to a money transfer page, a banner ad that's part of a click-fraud scheme, or any other destination the attacker chooses.
View: The full story @ The Reg
I just tried this myself here. Running Firefox 3 with default settings, I get redirected to a macromedia.com (shouldn't that be adobe.com by now??) site asking me to confirm flash security settings and whatnot.
As soon as i click it takes me to Website Privacy Settings panel, which informs me i can block the access to the cam and mic and just about everything else.
To specify privacy settings for a website, select the website in the Visited Websites list, and then change its privacy settings as desired. The following list explains the privacy options:
* If you want to specify whether to allow or deny access to your camera and microphone every time the selected website tries to use them, select Always Ask.
* If you want to allow access to your camera and microphone every time the selected website tries to use them, and you don't want to be asked again, select Always Allow.
* If you want to deny access to your camera and microphone every time the selected website tries to use them, and you don't want to be asked again, select Always Deny.
Note: To require that all websites ask your permission before using your camera or microphone, or to prevent any website from accessing your camera or microphone, use the Global Privacy Settings panel.
hmmm
You read all those star tabloids too when in line @ grocery store ?
HEADLINES:
BRUCE WILLIS CONFERS WITH ALIENS !!
GEORGE W. BUSH IS A GENIUS !!
MAN IS FOUND WITH A GIRAFFE PENIS !!
Last edited by Airlink on 08 Oct 2008 - 06:26
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.