According to several sources, clickjacking represents a way of tricking the web users to click on hidden buttons in order to take control over their computer or revealing personal information.

How does clickjacking works

The method is more than simple. The attacker generates a web-page full of “credible” buttons that actually don’t do anything. Why that? Because on the top of this page is another layer, that is transparent and it covers all the other buttons. This transparent layer contains another button that basically is invisible to the users. So, when the user clicks on a visible button, he actually clicks on the transparent layer. This transparent layer contains a button that makes another action (obviously, malicious) than the user thinks is doing.

Facebook and Clickjacking

As one of the largest social network, Facebook is great places for this sort of attacks. The users are easily tricked by seeing a Facebook look-like page containing the well known “Like” or “Allow application” buttons. This buttons are dummy of course, and then the user clicks on them, they actually do something else, not liking or allowing.

How can you protect agains Clickjacking?

If you were unable to see the link by clicking too fast, or just didn’t pay enough attention, it is not too late. In the new opened window/tab/browser, check the URL. If is not from facebook.com just close it.

Another way of protecting against clickjacking is by using a “script blocker” application/ad-don. This can save you, but is not always safe. More of that it blocks cleans scrips also (like Google Ads, flash videos, and so on). Various website recommends NoScript for protecting.

What happens when I click on clickjacking links?

You never now. Every clickjack threat can be different. But most of them just post a malicious link on your profile in order to become visible for you Facebook friends. They possible will click on the link posted on your profile and get infected. Some of them can steal information from you account.

What happens if I get infected?

The first thing to do is to delete all the posts on you wall that ware auto-published by the malicious script. After that you urgently have to run a full computer scan. I know, it takes a lot, but you have to do this in order to be sure that no malicious application was installed on your computer.

Also, if you see malicious posts on your friend’s profile notify them about the problem.

Finally, watch the next movie about how clickjacking attacks works. Please pay attention until the end on the video. You could get your computer more safer.

Similar Posts:

• Twitter Phising
• Facebook Who is Stalking me application is a scam
• Twilight Facebook Scam
• Click fraud on the rise
• Facebook Safety Center

Users will be tricked in liking the “Play Twilight: Breaking Dawn” page :

Facebook Twilight Scam Game Invitation Page

Twilight Facebook Scam Game

After you click on the page you will be taken to  a Page that will clickjack you into saying you “Like” the link, thus spreading the link virally to your Facebook friends.

The next step will be to ask for permission for a third-party application to access your Facebook account to post messages, updates and photos on your wall.

Full Details on Naked SecuritySimilar Posts:

• Facebook Clickjacking
• Facebook Who is Stalking me application is a scam
• Facebook Phising Again US$1,000 Best Buy gift-card
• Twitter Phising
• Facebook Safety Center

• Firefox 3.6.2 critical bug
• Enemies of the Internet
• Microsoft Steps up the distribution of Security Essentials software
• Botnet targeting Vietnamese users
• Zeus Is Back at full capacity

Lately, there is an increase in the number of facebook scams. Below we present a few of them, so that you can avoid any issues.  Some of these scams can lead to various malware for both Windows and Linux/Mac operating systems so we recommend that you pay extra attention to similar messages that may appear in the future on facebook.

“Charlie Sheen is one Sick Puppy, ADULTS ONLY GUYS!! This is his first attempt at Homemade Sex Action!”

“WTF! I just saw a movie how Christina Aguilera got arrested which was minutes ago!!“

“SHOCK!SICK! I just saw a movie how Christina Aguilera got arrested which was minutes ago!!”

“WICKED! I just saw a movie how Christina Aguilera got arrested which happened minutes ago!!”

“Just when you thought Charlie Sheen Couldn’t go any lower(or Higher), the sicko surpasses all our Expectations!”

“Holy Sh*t – Charlie Sheen $ex Tape Released by Ex-Wife! – ADULTS ONLY!!”

“Charlie Sheen in his best Performance yet!”
“Charlie Sheen has turned to another addiction, and he takes it to the limit. ADULTS ONLY!!!”

“Even The Hottest Chicks Have Accidents! You have GOT to see this now!!”

“OMG! Guten Morgen Schatz geht voll daneben. Franzose schlägt seine Frau K.O! !”

“[VIDEO REALE] Una ragazza SEXY si SPOGLIA in cam e… guarda cosa succede!!”

“SICK! I lost all respect for Miley Cyrus when I saw this photo”Similar Posts:

• Facebook Phising Again US$1,000 Best Buy gift-card
• Facebook Who is Stalking me application is a scam
• Facebook Safety Center
• Facebook Clickjacking
• Farm Town on Facebook gives you a nice malware

Today we are going to talk about the Edimax AR-7284WnA router and how to increase it’s security.

One of the weakest points for any kind of security system it’s the authentication method. In this case, the router provides a username/password method. By default, the router comes with 3 accounts: admin, user and support, but only one (admin) can have it’s default password (1234) changed to one of your choosing. The other two accounts have the password set by the manufacturer and it’s not available to regular users. We will show you how to override this flaw and set a password of your choosing for those two accounts (user and support accounts).

The first thing is to backup your router settings and save the configuration file to your hard disk. Then open the file using an editor of your choosing (eq: wordpad) and search for the following text “<X_EDIMAX-COM_Authentication”. You should be able to see a section like this:

[.....]

<1 type=”object”>

<UserName type=”string” Standard=”0″ Writable=”1″>admin</UserName>

<Password type=”string” Standard=”0″ Writable=”1″>hash_password1</Password>

<Level type=”unsignedInt” Writable=”0″ Standard=”0″>1</Level>

</1>

<2 type=”object”>

<UserName type=”string” Standard=”0″ Writable=”1″>user</UserName>

<Password type=”string” Standard=”0″ Writable=”1″>hash_password2</Password>

<Level type=”unsignedInt” Writable=”0″ Standard=”0″>2</Level>

</2>

<3 type=”object”>

<UserName type=”string” Standard=”0″ Writable=”1″>support</UserName>

<Password type=”string” Standard=”0″ Writable=”1″>hash_password3</Password>

<Level type=”unsignedInt” Writable=”0″ Standard=”0″>3</Level>

</3>

</UserList>

</X_EDIMAX-COM_Authentication>

You need to copy the “hash_password1” and replace “hash_password2” and “hash_password3”. Now the other accounts (user and support) will have the same password as the admin account and no one else will be able to login without your permission by using the default passwords. Also, make sure that you change the default password for the “admin” account from “1234” to something else.

–

Andrei Saygo

 Similar Posts:

• Facebook Password Reset Scam
• Apache Foundation website hacked again, now using an XSS attack
• Google adds warnings of suspicious activity in Gmail
• Nicole Richie hacks Kim Kardashian and Joel Madden
• Todos bought by Gemalto

The acquisition of the Texas Instruments’ cable modem product line will put Intel on a strong position in the consumer electronics market and mainly in the home entertainment sector.Similar Posts:

• Malware forensic tool for banks by Trusteer
• Facebook Password Reset Scam
• Microsoft Steps up the distribution of Security Essentials software
• Todos bought by Gemalto
• Facebook Phising Again US$1,000 Best Buy gift-card

 Acquiring both companies, Symantec plans to expand its solutions to protect confidential information and secure customer’s data. Customers depend on having encryption software as part of a regulatory and audit compliance solution. Most probably the solution that will be developed by Symantec, might be a bit more granular than BitLocker that is developed by Microsoft. While BitLocker is able do only a full disk encryption, this new encryption solution might be able to encrypt only certain folders.

Anyway it’s an interesting move done by Symantec and we will gladly wait to see what shall become of it.Similar Posts:

• Davidson & Co. fined $375,000 over 2007 data breach
• Conficker Botnet dead but we are still vulnerable
• Malware forensic tool for banks by Trusteer
• Intel to acquire McAfee and part of Texas Instruments
• Todos bought by Gemalto

Usually the fraud is done by cybercriminals that create various websites containing only ads. After that, they rent the services of groups that control various botnets.  The zombies (infected PC’s that are part of a botnet) are instructed to go to the specific website and click the ads. Everything is usually done without the user being aware that his computer is used for malicious purposes.

The add industry is quite successful, in 2009 the amount reaching $14.2 billion. Compared with spam messages that generate a few cents per thousand e-mail send, a thousand clicks may produce several dollars as revenue.

The big search companies like Google, Microsoft or Yahoo are taking the click fraud issue very seriously.Similar Posts:

• Botnets get decimated but spammers survive
• GOOD DAY from Mr.Liu Yan.
• Facebook Clickjacking
• Twitter Phising
• Botnet targeting Vietnamese users

“By joining forces with the world’s foremost payments company, we will have the opportunity to utilize Visa’s regional expertise and global presence to drive international adoption of CyberSource in key geographies,” said Michael Walsh, President and CEO of CyberSource Corporation.

“Online commerce continues to grow rapidly, and this acquisition will enable Visa to offer new and enhanced services that will better meet the growing demand among merchants globally for robust, secure online payment processing capabilities which in turn will grow the entire eCommerce category,” said Joseph W. Saunders, Chairman and CEO of Visa IncSimilar Posts:

• FBI launches a new website with bank robbers profiles
• Intel to acquire McAfee and part of Texas Instruments
• Megafortune Lottery-International Scam
• Malware forensic tool for banks by Trusteer
• E-Banking Security Guidelines to be Reviewed

Davidson & Co. learned of the breach in January 2008 when it received an extortion note from one of the perpetrators seeking money in return for their not publicly releasing the stolen data.

The attack came from a SQL injection vulnerability that allowed unknown hackers to break into a Davidson database server containing the data.

“Davidson has settled with regulators because we believe this is the most efficient way to put the matter behind us and focus on what’s most important — the present and future needs of our clients,” said Davidson’s spoke person.Similar Posts:

• Apache Foundation website hacked again, now using an XSS attack
• Firefox 3.6.2 critical bug
• Chinese root server is shut down because of a DNS issue
• Zeus Is Back at full capacity
• Botnet targeting Vietnamese users