[EMAIL PROTECTED] wrote: > I'm reading Yahoo news, and it mentions a new form of attack called > "clickjacking", where people can be duped into giving information to > seemingly innocent sites. This sounds more like a regular con to me. > But it mentions that a vulnerability in Adobe Flash can enable a > cracker to access your microphone and webcam and observe you. > Supposedly, this flaw is exploitable through all web browsers, > including Firefox and Google Chrome. > > Keep in mind, I readily admit to not being the most knowledgeable guy > about computers, so I figured I'd ask people who knew their stuff. > Guess what? That's you. > > I'm guessing, since it is so widespread across browsers, that this > isn't a web exploit per se, but a function of the underlying OS.
Well, in the instance of a microphone or webcam exploit, that's purely through Adobe Flash. I've never seen Fl access my mic or webcam without first prompting me. As for getting more information from the browser, that sounds like a DOM tree traversal attack, where the site uses JavaScript to try and find DOM trees that haven't been collected yet. > Although it doesn't mention that any and all OS's are vulnerable, I > wonder if Linux users have anything to worry about. The article > mentions this is a scripting problem. So just how vulnerable are > Linux boxes? Mine doesn't have a microphone (never needed one) or a > webcam (never liked them), but my laptops do have microphones, and one > has a webcam (it's unconfigured, so I figure that's nothing to worry > about at the moment). Is this simply a case of M$ getting nailed > again, or do I have something to worry about here? Microsoft's browsers are closed-source, so there's really no way in heck to know how many potential flaws there are until the patches come out. Firefox and its code is fairly rigorously reviewed, and is far safer. Chrome uses the WebKit API and a custom javascript engine. WebKit is really safe, but their javascript engine is new and probably less secure (more prone to those annoying gotcha bugs that leave security holes). Chrome is itself open-source, so that should become less of an issue over time. Most of the time - even on Windows - all of these problems are a result of the user being a pinhead and doing things that aren't really all that safe. Don't go to sites that don't look particularly trusty. You wouldn't really go walking through south-side San Francisco with a million bucks and your social security card, would you? Why should you browse the south side of the 'net with your passwords and information in your browser's cache? So if you're a 'net savvy user like a lot of people are street savvy, you should do fine. The problems arise when people expect these magical computers to protect them (they won't). Do you trust your government*? I should hope not! Do you trust your computer? I should hope not! * I trust my government about as far as I can throw it. I vote for change, but democracy is founded on the principal of government accountable to the people - /not/ the other way around. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Linux Users Group. To post a message, send email to [email protected] To unsubscribe, send email to [EMAIL PROTECTED] For more options, visit our group at http://groups.google.com/group/linuxusersgroup -~----------~----~----~----~------~----~------~--~---
