A popular free security tool for the Firefox browser has been upgraded to block one of the most dangerous and troubling security problems facing the Web today.
NoScript is a small application that integrates into Firefox. It blocks scripts in programming languages such as JavaScript and Java from executing on untrusted Web pages. The scripts could be used to launch an attack on a PC.
The latest release of NoScript, version 1.8.2.1, will stop so-called "clickjacking," where a person browsing the Web clicks on a malicious, invisible link without realizing it, said Giorgio Maone, an Italian security researcher who wrote and maintains the program.
Clickjacking has been known for several years but is drawing attention again after two security researchers, Robert Hansen and Jeremiah Grossman, warned last month of new scenarios that could compromise a person's privacy or even worse, steal money from a bank account.
Unfortunately, clickjacking is possible due to a fundamental design feature in HTML that allows Web sites to embed content from other Web pages, Maone said. Nearly all Web browsers are vulnerable to a clickjacking attack.
"It's a very hard thing to fix because it's part of the very fabric of the Web and the browser," Maone said.
The embedded content can be invisible but a person can still unknowingly interact with it. A clickjacking attack takes advantage of that by tricking a user into clicking on a button that appears to do some function but actually does something entirely different.
Clickjacking can also be accomplished by manipulating the plug-ins of other applications, such as Adobe's Flash program and Microsoft's Silverlight. For example, researchers in recent days have shown it's possible for a clickjacking attack to turn on a person's Web camera and microphone without their knowledge.
In an advisory on Tuesday, Adobe said it will issue a patch for Flash by the end of the month.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Discover the advantages of an open architecture multi-vendor network solution
Delivering the Power of Choice with Microsoft Dynamics CRM
Achieving the impossible: Unlimited application scalability
Still Sneaking In: The Threats Your Security Tools Aren't Telling You About
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Everything you need to know about email and web security (but were afraid to ask)
Simplify, Integrate and Safeguard Your Business with Secure Web Business Enablement
Simplify, Integrate and Secure: Providing Secure Access to Server-based Information and Resources Across Platforms
Zones provide focussed content from Computerworld and leading technology partners.
Security Management
Protect your critical IT assets, achieve sustainable regulatory compliance, reduce IT administration costs and enable new business opportunities with our IT security solutions.
IT Security as a business enabler?
Download Whitepaper
|
Success Stories
Australian Unity minimises costs and maximises productivity with single sign-on for 1,400 users
Australian Unity needed to address its business and security risks including user management and application security management. The company chose an enterprise single sign-on (ESSO) solution and discovered increased employee productivity, reduced help desk costs and elevated data protection.
Download the full Success Story
BT saves more than £15 million and improves customer services with comprehensive Identity & Access Management
To enable future growth and ensure its services remain competitive, BT needed to build closer relationships with its customers and suppliers. Discover how the company is now performing over 36 million transactions a day with their improved Identity & Access Management Solution.
Download the full Success Story
Identity & Access Management
Simplify and Secure: Managing User Identities Throughout their Lifecycles
Organisations are constantly challenged to keep pace with ongoing changes to users and their roles, responsibilities and requirements. Discover how CA can help you create a unified approach for managing users identities, providing them with timely and appropriate access to applications and information.
Download Whitepaper
Simplify, Integrate and Safeguard Your Business with Secure Web Business Enablement
Modern organisations are required to aggressively expand the number and type of Web applications and services provided to customers, partners and employees. Discover how to automate, delegate and centralise your key processes and services including user administration, access policies, auditing and compliance by reading on.
Download Whitepaper
Simplify, Integrate and Secure: Providing Secure Access to Server-based Information and Resources Across Platforms
Distributed servers are a powerful asset in any company’s infrastructure. Over time, most organisations have acquired a variety of different platforms and are relying on them to house an increased amount of critical applications, processes and data. Read on to discover how you can achieve a consistently higher level of server access security across multiple platforms including virtual hosts and guest operating systems.
Download Whitepaper
Buying Guides
Latest Products
