HackBlog

Clickjacking or click hijacking is a type of attack in which attacker use transparent frame to trick a user to click on a link where user wants to click on another page while user wants to click on top level page. Read more in the older post

Although it has been two years since the concept was first introduced, most websites still have not implemented effective protection against clickjacking. In part, this may be because of the difficulty of visualising how the technique works in practice.


I got a perfect tool for testing clickjacking. This new browser-based tool allows a user to experiment with clickjacking techniques by using point-and-click to visually select different elements within a webpage to be targeted. The tool also allows several ‘next-generation’ clickjacking techniques to be used, as introduced in Paul Stone’s Blackhat Europe 2010 talk.


Features:

1. Use point-and-click to select the areas of a page to be targeted
2. Supports the new ‘text-field injection’ technique
3. Supports the new ‘content extraction’ technique
4. ‘Visible mode’ replay allowing a user to see how the technique works behind the science
5. ‘Hidden mode’ replay allows the same steps to be replayed in a hidden manner, simulating a real clickjacking attack.

The tool is currently in an early beta stage, and works best in Firefox 3.6. Full support for other browsers will follow shortly. For further information, please see the Readme.txt file in the downloadable tool.


Read More:

Download Here:
http://www.contextis.co.uk/resources/tools/clickjacking-tool/cjtool.zip

Many times i have posted about clickjacking attack used in facebook. And i think it’s not over. A new clickjacking scam is again hitting facebook walls. The spam messages posted by victims of this attack read: “Baby Born Amazing Effect – WebCamera” and contains a link that takes users to a page hosted at blogspot.com. The page displays a video player thumbnail with a play button, however, trying to click it actually forces the user’s browser to Like the page.

Few days ago, face deployed a new mechanism for protecting clickjacking attack, but that system doesn’t seem to work better. This new spreading scam is the example of it’s faliure.
If you are a firefox user, you can protect yourself by using NOSCRIPT extension.

Buffer overflow vulnerabilities are one of the most common vulnerablities. For understanding buffer overflow you must have the knowledge of c or any other high level language.


When a program is executed, a specific amount of memory is assigned for each variable. The amount of memory is determined by the type of data the variable is anticipated to hold. The memory set aside is used to store information that the program needs for its execution. The program stores the value of a variable in this memory space, then pulls the value back out of memory when it’s needed.

Buffer overflow occurs when a program allocates a block of memory of a fixed length and then tries to fill the data of more length in this memory.


take a look at the simple c program:
int main()
{
int buffer[10];
buffer[20]=10
}
The above C program is a valid program, and every compiler can compile it without any errors. However, the program attempts to write beyond the allocated memory for the buffer, which might result in unexpected behavior.


In tha case of buffer over flow in a software program, data runs over the memory section it was alloted. The extra data overwrites the another portion of memory address that was meant to held something else, like part of the programmer’s instruction. This can allow attacker to overwrite data that controls the program and can take over control of the program to execute the attacker’s code insted of program. The overflow consequence could result in the program crashing or allowing the attacker to execute their own code on the target system.


This problem exists because C++ and some other programming language do not perform bound checking when passing data to the memory.


Defences:


for coder:
The defence is to have perfect programs. Every input in every programs should do bound checks to allow only given numbers of characters.


for user:
Make sure your systems are fully patched in order to protect yourself from exploits targeting vulnerabilities.
Apply vendors patch or install the latest version of the software.
No unnecessary privileges should be granted to users or applications. This is a best practice.
All suspicious traffic should be routed at the perimeter itself.

heap corruption vulnerabilities.If you use VLC to play manipulated video of this format, it could cause heap corruption. This could in turn be exploited to inject and execute malicious code. The bug has already been eliminated in the corresponding repository, but not in the the official binaries of the VLC player.