Really scary exploit attack in wild, which affects all browsers under any desktop operating systems including MS IE, Linux, Apple safari, Opera, Firefox and Adobe flash. Any website that uses CSS, flash and IFRAME (used to serve ads) can be used to attack on end users. Attacker is able to take control of the links that your browser visits. From the article:
According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.
How do I stop Clickjacking under Firefox?
There are two solutions.
Option #1: Disable everything
Disable scripting and plugins such as flash and others for the time being under Firefox (except adblock plus or no-script plugin). I've no idea how to do this under IE or other browsers. Under Firefox clock on Tools > Add-ons > Select each plugin and disable it.
Shutdown browser. Next, remove Adobe flash from system using apt-get or from your directory. If firefox 3 installed at /opt/firefox/, change directory to /opt/firefox/plugins:
# cd /opt/firefox/plugins
Delete flash and other plugins files:
# rm *
This should work for other browsers too.
Option #2: Use Noscript To Stop Attack
Bonus option # 3: Use lynx
Lynx and other text based browsers are not affected by this exploit. Lynx is a free open-source, text-only Web browser. Recent version works under Mac OS X, All versions of Windows and UNIX like operating systems. You install lynx using apt-get or yum command:
# apt-get install lynx
# yum install lynx
- More info about clickjacking
- NoScript plugins
- Clickjacking demo / proof of concept demo (warning it will hijack your clipboard, to stop just close browser.)
- Clickjacking: Researchers raise alert for scary new cross-browser exploit
- 30 Cool Open Source Software I Discovered in 2013
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop