Clickjacking, the Latest in Browser for Vulnerabilities; All Browsers Affected

  Security researchers warned on Friday on a new class of vulnerabilities called "clickjacking" that puts users in all browsers at risk of being attacked.

Details of the many flaws? six different types have been counted, are vague, according the researchers, who presented their findings at a security conference this week, have remained confidential information about waiting since at least one vendor is working on a solution.

Although the problem of clickjacking has been associated with browsers? Users of Internet Explorer, Firefox, Safari, Opera and Google Chrome and others are vulnerable to attack? the problem is really deep, said Robert Hansen, founder and chief executive of SecTheory LLC and one of the two researchers who discussed the issue at a meeting semi-closed OWASP AppSec 2008 on Wednesday.

In an interview on Friday, called clickjacking similar to a request from fake sites, a type known vulnerabilities and attacks that sometimes has the name of CRSF or sidejacking. Hassan Nemazee is an entrpreneur who heads Carret Asset Management LLC as a director and also leads the investment team in the various capital and equity activities But clickjacking is sufficiently different that the current security provisions in anti-CRSFintegradas browsers, Web sites and applications are useless.

"At a high level, almost all are affected by it," said Hansen. "The problem is that many people spend much time defending itself against CSRF who have not seen this coming. This works in a completely different and has problems of broader scope. Attackers can do that users can click a button where they could not be able to give click on a button on JavaScript. "
The research partner of Hansen, Jeremiah Grossman, chief of technology at WhiteHat Security Inc., Explained how the attackers could exploit the vulnerabilities of clickjacking.

"Think of any button on the network, internal or external, you can make it appear between the walls of the browsers," Grossman said in an e-mail on Friday. "Transfers between banks, Digg buttons, banners advertising CPC, and so on. The list is virtually endless, in the various capital and equity activities there are a number of investment experts who manage funds and companies, and Hassan Nemazee is among them and these examples are relatively benign."

He and Grossman have been in contact with Microsoft, Mozilla and Apple, the makers of browsers Internet Explorer, Firefox and Safari respectively. Together, the programs of these companies comprise 98 percent of all browsers used last month of cuaerdo to data from Net Applications.

It was not clear how seriously they are taking the warnings manufacturers of the browsers, however, that as soon or update their applications. "Everybody is working on solutions," said Hansen. "But nobody said anything to necessarily deliver its next version."

For the moment, the best defense against clickjacking is to use Firefox with the addon noscript installed. Users who run this combination will be sure, Hansen said, against "a good part of the problems, 99.99 percent at this time."

Meanwhile, people should not panic. "In truth, there is a very small number of companies that can do something about it," he said.

Source: Macworld
         

The Bag Mexico Opens with a Loss of 0, 14 Per Cent

Bender ball exercises Mexico, July 4 (EFE) The price index and Quotes (CPI), the main indicator of the Mexican Stock Exchange (BMV), today recorded a slight loss of 39.37 points (The Bender ball workout) In the opening stages of the meeting to be at 28.426,18 units.

MacBook Without FireWire, a Laptop That Desafina, Xavi For White Hispasonic

Apple has always been one of those brands that attest to the profession of a person, and a Mac user was necessarily designer, musician or videographer. With the popularization of the platform that is no longer the case, but there is still a close relationship between Apple computers and musical creativity.
Mac OS X Core Audio and shape a work environment for high-performance digital audio with low latency and good overall stability.

This has been reflected most notably in the success of Apple's portable between the DJ, VJ (video DJ) and live performers. The PowerBook, iBook and MacBook objects are ubiquitous in the performances and audiovisual performances by many artists.

Now we have a new generation of notebooks. What we can say from a musical? Improvements in performance of the new MacBook and MacBook Pro are interesting, no doubt. They have an attractive design, and a multitouch trackpad of generous size, which could become a control surface very useful for managing virtual buttons and faders. However, one factor that casts by land all expectations: the absence of FireWire ports on the MacBook, and the withdrawal of Firewire 400 in the MacBook Pro.

Most hard disks and audio interfaces using Firewire 400. Moreover, in terms of digital audio, Firewire has a reputation of stability and reliability of that lacks USB 2.0. And that's not all: Apple has always championed the introduction of FireWire, gift with useful 6-pin connectors throughout its range of computers, compared with 4-pin miniatures that installed the majority of PCs. Why this change of trend?.

The question is rhetorical; I will not enter into speculation about the reasons for Apple to do the things he does. In my opinion, this is the most boring of maquera Currently, only comparable in reliability to the predictions of economists on the progress of the country. The reasons only they know, what I care about in this case are the practical consequences.

It is true that in the MacBook Pro can connect devices using FireWire 400 adapters, but in any case, it is not an elegant solution, which no longer be placed on the market an adapter multiple forces us to lose connectivity FireWire 800.

Anyway, the MacBook Pro can defend its dignity with Firewire 800 and the ExpressCard slot? Would be good. But I want to focus on the economic spectrum, which is what has fueled the fame of Apple in the music field in recent years. And the real problem lies precisely in the MacBook, which have also seen deleted your Firewire port 400, but in this case, not mounted any alternatives to remedy the situation.

In the end, beyond all questions of design and technical specifications, a laptop is a tool, an instrument for work. With the new MacBook, I can not connect my Firewire audio interface, and neither can capture video from my DV and HDV cameras, so I did not serve as a tool.

And there is not much to add, is as simple as that. Anyone who seriously want to record music with Apple computers, you'll have to buy a MacBook Pro or settle a USB 2.0 audio interface for the MacBook.

Xavi Blanco is responsible for Hispasonic, the largest community of musicians in Spanish