Posted tagged ‘adobe’

Adobe Fixes Clickjacking Flaw in Flash

October 21, 2011

As you probably know, clickjackers often use Adobe Flash to highjack computer cameras. This allows them to see into your home, take pictures, and pretty much spy on anyone in the world with an Internet connection. Your best defense: a piece of tape placed strategically over your camera. You can’t go wrong with the analog solution. Of course, then you have to find a way to deal with the clickjack that activates your computer’s microphone as well as your webcam. Those tricky scam artists are always one step ahead of decent folk.

Adobe has announced, however, that it has fixed the flaw in Flash that allowed clickjackers to activate microphones and webcams.

Before the latest Flash update, clickjackers could have their way with your computer by luring you into a simple trap. Often in the form of a game, the scammers just had to convince you to click an invisible frame on your screen. That would activate Flash’s manager and allow them to take control.

Obviously this is a good thing for anyone concerned about computer security. You kind of have to wonder how many unsavory online photographs were taken without permission. A quick clickjack, a little Photoshop, and boom! You’ve got yourself a male enhancement ad.

Of course, this might bum a few people out. After all, the Internet was obviously designed to collect naked photographs of every person in the world. Now that Adobe has managed to improve its software, how will humanity ever reach such a lofty goal?




Have No Fear: Adobe is Here!

April 27, 2011

Just last weekend, I’m sitting at my parent’s house enjoying Easter lunch when my dad asks me if I knew that viruses could turn on my webcam.

I resisted the temptation to roll my eyes. Hey, dad, I’ve been working in Internet security for about a decade now, so you’re probably not going to stump me just because you got your AOL account up and running last year.

The truth is that there isn’t much to fear when it comes to clickjacking (or “viruses,” if you want to use my dad’s terminology) and webcams. We’ve known about Adobe’s vulnerability for sometime now, and the company has made it pretty easy for you to avoid clickjacking attacks that could turn on your webcam or microphone.

The latest version of Adobe isn’t susceptible to these attacks. If you haven’t updated your Adobe software recently, then go do it right now before you give some dirtbag the opportunity to eavesdrop on you. If, for some reason, you’re extremely reluctant to download the latest Adobe software, then you can tighten your program’s security parameters. Assuming that you’re not using software from the 90s, you’ll probably solve the problem this way.

This prevents the immediate problem, but doesn’t mean that you’re safe from clickjacking. Clickjacking attacks, after all, come in a wide range of flavors. None of them taste good.

Keep your system safe by avoiding suspicious links. Plus, you should really have some reliable antivirus protection for your computer. In fact, use two antivirus programs. That should stop pretty much anything from getting through. Even though it won’t completely stop clickjacks, it will almost certainly protect your computer from the harmful side effects that could result from clickjacked websites.

Adobe security updates to prevent clickjack attacks

August 17, 2010

Adobe announced last week that it would release six critical security updates for Flash. Five of the updates are designed to prevent memory corruption. The sixth targets vulnerabilities that could make clickjacks possible. This week, the company plans to release more patches that will improve security for Reader and Acrobat.

Hackers have long focused on Adobe’s Flash software to create clickjacks that can cause computers to run operations without their user’s knowledge. Many of the clickjacks have hidden links embedded on top of images and links that appear benign. When the link is clicked, however, the user has actually clicked on the invisible frame, thus giving permission for an unknown application to start running.

This has allowed clickjackers to perform a variety of tasks. Some have even created clickjack scripts that take over web cams. This allows the hacker to film people using their computers, a spooky prospect that has led many people to keep their cameras unplugged or covered except when in use.

Some clickjacks also release viruses, trogans, and other types of malware. Once your computer is infected, the viruses can steal information or turn the computer into a slave bot that performs operations for the hacker. This slows down you internet connection and can even implicate you in illegal actions.

It is important to keep Adobe programs up to date to help protect your computer form clickjack attacks. It is a continuous process, so you will have to continue updating the software. Chances are that within a few months, a savvy hacker will find a way to counter the latest patches. Adobe will then retaliate with a new patch that addresses the most current issue.

Going manual

April 28, 2010

I recently posted a blog entry about a friend of mine who was caught in a compromising position when a clickjack attack turned on her web cam. As I had hoped, this nightmare of a story caught readers’ attentions. The one question on everyone’s mind: how can I stop such a thing from happening to me?

First, you should recognize that Adobe has made some security upgrades that make it much more difficult for clickjack attacks to take control of your computer’s web cam. Harder, yes. But not impossible.

If you want to make it impossible for clickjackers to catch you doing something private, then you have two options:

1- act like you’re sitting in front of an audience every time you use your computer, and

2- go manual

Frankly, the first suggestion is going to help many people. It’s simply too difficult to pretend that you’re sitting in front of a worldwide audience when you’re actually in your own home, the place where you feel most comfortable to let let it all hang out. Plus, consider all of the things that some people might consider personal. My friend’s case was exceptional, an example of the worst case scenario. For many, though, it wouldn’t take much to cause extreme embarrassment. Caught with your finger in your nose? Staring slack jawed at some stupid YouTube video? Falling asleep at the screen and drooling all over yourself? All of these things could be considered embarrassing to some people. What are the chances that none of them are ever going to happen.

That’s why I suggest the second option: go manual. Perhaps that’s a poor choice of phrasing considering what my friend got caught doing, but the point still stands:  you can override any software by altering the real world.



Opaque tape.

If you have a web cam that’s built into your laptop or computer, then simply put a piece of tape over the lens. If a clickjacker can figure out a way to get around that, then I say he deserves whatever footage he gets. He’s obviously either a genius or a magician.

If you have an external web cam for your  computer, then unplug it when it’s not in use.

Until we develop a foolproof way to prevent clickjacking attacks from taking control of web cams, it is prudent to take matters into your own hands by going manual.