Comments on: All That ClickJazz… http://hackademix.net/2009/01/31/all-that-clickjazz/ Giorgio Maone's answers to the Web, the Universe, and Everything Sat, 20 Mar 2010 15:06:45 +0000 http://wordpress.org/?v=2.2.3 By: vaibhav http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10907 vaibhav Tue, 10 Feb 2009 18:45:52 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10907 Actually this is not the first "cutting edge research" by Aditya K Sood, if you have time grab a cup of hot java browse through his numerous articles (zero code {by 0kn0ck} sadly, which says it all) and you'll be half bombed forever. if you see the logo on his website, it says "Driving Element of Innocuous Minds." and "Optimized Derivative of Complex Security". That pretty much sums everything about him. Somebody please a leash on this guy. Actually this is not the first "cutting edge research" by Aditya K Sood,
if you have time grab a cup of hot java browse through his numerous
articles (zero code {by 0kn0ck} sadly, which says it all) and you’ll be
half bombed forever.

if you see the logo on his website, it says "Driving Element of Innocuous Minds." and "Optimized Derivative of Complex Security". That pretty much
sums everything about him.

Somebody please a leash on this guy.

]]> By: justAnotherBob http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10784 justAnotherBob Wed, 04 Feb 2009 22:15:26 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10784 argh! my post got scrubbed of JavaScript. argh! my post got scrubbed of JavaScript.

]]> By: justAnotherBob http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10781 justAnotherBob Wed, 04 Feb 2009 22:12:51 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10781 Beside the point, but... 178 characters! <a href="http://yahoo.com" rel="nofollow">Clickjack The Target (http://www.yahoo.com) : (http://evil.hackademix.net)</a> Beside the point, but… 178 characters!

Clickjack The Target (http://www.yahoo.com) : (http://evil.hackademix.net)

]]> By: Basti http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10764 Basti Tue, 03 Feb 2009 18:24:00 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10764 @Amad: This is a easy way to defeat this "attack". Would be good if all problems could be solved that easy. :P @Amad: This is a easy way to defeat this "attack".

Would be good if all problems could be solved that easy. :P

]]> By: Amad http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10759 Amad Tue, 03 Feb 2009 00:01:31 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10759 @Basti: Quick fix for 'lick' jacking (works in firefox): Open link in new tab It doesn't need noscript, works with js enabled! :P Okay seriously though, surrogate scripts might have some potential in this area @Basti: Quick fix for ‘lick’ jacking (works in firefox):

Open link in new tab

It doesn’t need noscript, works with js enabled! :P

Okay seriously though, surrogate scripts might have some potential in this area

]]> By: Basti http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10755 Basti Mon, 02 Feb 2009 19:04:51 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10755 @duryodhan: I agree. That is a problem. You can't filter or stop it without having negative impact on other (wanted) things. Would be good if something could warn about it. I guess I should forget about it... The following is general and not assigned to anyone special: JavaScript isn't per definition bad, but if you take a look at the change-log of Firefox you see that most (theoretical) exploits only work if JavaScript is on. so thanks for NoScript again. (assigned to Giorgio) @duryodhan: I agree. That is a problem. You can’t filter or stop it without having negative impact on other (wanted) things. Would be good if something could warn about it. I guess I should forget about it…

The following is general and not assigned to anyone special: JavaScript isn’t per definition bad, but if you take a look at the change-log of Firefox you see that most (theoretical) exploits only work if JavaScript is on.

so thanks for NoScript again. (assigned to Giorgio)

]]> By: ascii http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10752 ascii Mon, 02 Feb 2009 14:53:32 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10752 damn Maone, this stuff is terrible, sad for you that have to fight with it. click* attacks damn Maone, this stuff is terrible, sad for you that have to fight with it. click* attacks

]]> By: duryodhan http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10748 duryodhan Mon, 02 Feb 2009 07:24:14 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10748 basti : because of the way javascript is made and all the evals etc. in it , I think stopping only some type behaviour and not others would be hard to do securely. But http://research.microsoft.com/en-us/um/people/helenw/papers/bshield-osdi2006.pdf is something interesting .. basti : because of the way javascript is made and all the evals etc. in it , I think stopping only some type behaviour and not others would be hard to do securely.

But http://research.microsoft.com/en-us/um/people/helenw/papers/bshield-osdi2006.pdf

is something interesting ..

]]> By: Giorgio http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10737 Giorgio Sun, 01 Feb 2009 22:19:33 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10737 @<b>alexkon</b>: Michał (rather than Michal), too :) @alexkon:
Michał (rather than Michal), too :)

]]> By: alexkon http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10735 alexkon Sun, 01 Feb 2009 22:09:00 +0000 http://hackademix.net/2009/01/31/all-that-clickjazz/#comment-10735 Michal Zalewski, it's w (not v) in his last name. Michal Zalewski, it’s w (not v) in his last name.

]]>