Need more bad news today? Beware of clickjacking!
Cute name, but a sinister and terrible problem.
You'll be hearing a lot about this if the problem becomes as widespread as feared, though it sounds like security researchers are working hard to quash it.
Clickjacking works this way: You wind up on a web site where you think everything is fine and dandy, but it's actually a set-up. Here are the words of someone who attended the semi-restricted conference, as reported on the highly respected technology news blog ZDNet:
"In a nutshell, it's when you visit a malicious website and the attacker is able to take control of the links that your browser visits... It's a fundamental flaw with the way your browser works and cannot be fixed with a simple patch. With this exploit, once you're on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening."
So you can imagine how much fun it might be to have someone clicking their way into your bank account, without you knowing. I assume that's one of the dangers -- that these hackers might not just destroy your computer, but, well, everything else you own.
But, hey, don't worry. Clickjacking exploits a potential flaw in only a handful of browsers, including Internet Explorer, Firefox, Safari, Adobe Flash and, um, Google Chrome.
Yeah, pretty much all of them.
It was going to be a topic at the OWASP NYC AppSec 2008 Conference, which was held in New York City last Wednesday and involves any company interested in application security, but apparently some vendors decided to call off the talk until a comprehensive fix is ready.
I haven't found much written about this, but Computerworld talks about it in a recent story. So does Macworld. In the meantime, I suppose the solution is to try to stay on web sites that you know well and trust.
Geoff Williams is a freelance journalist and the author of C.C. Pyle's Amazing Foot Race: The True Story of the 1928 Coast-to-Coast Run Across America (Rodale).