A small log of my thoughts and opinions as I go through my time here @ UWM.....

Tuesday, November 25, 2008

why i am dropping my business major

1) I want more computer science courses, more dealing with computer languages and data architecture.
2) Business believes that open source is a fad and shouldn't be taken seriously.
3) Tired of taking so many accounting courses. I understand that I will need them if I become a manager, but 1 or 2 should be enough, not 5!
4) It's too Microsoft-based. Yes, they rule the world, but I want to know other languages besides .NET-based ones.
5) I'm just a number. I hate huge lectures; here the prof doesn't even know my name.

---
I am now a BSIR major! And a business minor.

Friday, November 14, 2008

Posting Errors

OK, every time I make a change to the template and then try to re-post my blog I get a funky error message. It's kind of annoying, but that's life. So far the workaround has been to make fake blog posts and then remove them. Don't know why; I just know that it works. Oh well, on the bright side I just reserved my tickets to go back home to Houston, TX for part of winter break. It's a good thing too, because I am starting to miss everyone. Maybe my next post should be the reason(s?) [<-- bad joke] why I decided to move to Milwaukee and go to UWM.

Sunday, November 9, 2008

ClickJacking

Think of ClickJacking like Phishing, but using web pages the way they were meant to be used. Broken down, it is nothing more than Dynamic HTML and CSS, or just an iFrame. Because of this, just disabling scripting within your web browser will not work; doing this may actually help cause it. Real-world scenario: you log into a page like Yahoo, then you go to a site that loads Yahoo Mail in an iFrame. On top of the iFrame there is something else, say a picture or a game, acting like a cover over your email. You click on it, and underneath lies the iFrame of your email, where messages are being deleted, forwarded, etc. To see an example, go to http://www.planb-security.net/notclickjacking/iframetrick.html#really

NOTE: You will need to have a MySpace account that is set to private before doing this example.

So how can you stop this? Part of it is a Flash vulnerability, so make sure you are running at least Flash 10.x; to get the latest version go to http://get.adobe.com/flashplayer/. Firefox users are in luck: they are currently the only users who can be proactive at preventing this. Install the NoScript add-on (https://addons.mozilla.org/en-US/firefox/addon/722) and make sure that the ClearClick option is enabled for both trusted and untrusted pages. Your next option is to use a text-based browser, as they have been shown not to be affected by ClickJacking.

Web developers can try to prevent this by adding the following JavaScript to their index page, provided it doesn't use iFrames:

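<script type="text/javascript">

// If this page is not the top-level window, it has been loaded in a frame:
// replace the framing page with this page.
if (top !== self) {
    top.location = self.location.href;
}

</script>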

Of course, the person using this exploit more than likely knows how to disable JavaScript with the iFrame tag.
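A defense that does not depend on script running inside the framed page is to have the server tell the browser who may frame it. The following is an added example, not part of the original post: it builds the `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` response headers. The function names, the `https://portal.example.com` origin and the mock response object are constructed for illustration.

```javascript
// Added example: anti-framing response headers (names here are hypothetical).
//   allowed = 'none' -> no site may frame the page
//   allowed = 'self' -> only same-origin pages may frame it
//   allowed = [...]  -> only the listed https origins may frame it
function antiFramingHeaders(allowed = 'none') {
  if (allowed === 'none') {
    return {
      'Content-Security-Policy': "frame-ancestors 'none'",
      'X-Frame-Options': 'DENY', // fallback for browsers without frame-ancestors
    };
  }
  if (allowed === 'self') {
    return {
      'Content-Security-Policy': "frame-ancestors 'self'",
      'X-Frame-Options': 'SAMEORIGIN',
    };
  }
  if (!Array.isArray(allowed) || allowed.length === 0) {
    throw new TypeError("allowed must be 'none', 'self' or a non-empty array");
  }
  const origins = allowed.map((o) => {
    const u = new URL(o); // throws on malformed input
    if (u.protocol !== 'https:' || u.origin !== o) {
      throw new TypeError(`not a bare https origin: ${o}`);
    }
    return u.origin;
  });
  // X-Frame-Options has no portable allow-list form, so only CSP is sent.
  return { 'Content-Security-Policy': `frame-ancestors ${origins.join(' ')}` };
}

// Wrap a Node-style (req, res) handler so every response carries the headers,
// e.g. http.createServer(withAntiFraming(myHandler)).
function withAntiFraming(handler, allowed = 'none') {
  const headers = antiFramingHeaders(allowed); // validate once, at startup
  return (req, res) => {
    for (const [name, value] of Object.entries(headers)) {
      res.setHeader(name, value);
    }
    return handler(req, res);
  };
}

// Stand-alone demo with a constructed mock response object.
const demoSent = {};
const demoRes = { setHeader: (n, v) => { demoSent[n] = v; } };
withAntiFraming(() => 'page body', ['https://portal.example.com'])({}, demoRes);
console.log(demoSent);
```

Browsers that honor these headers refuse to render the page inside a disallowed frame, whether or not JavaScript is enabled in that frame.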

As usual, following best security practices is probably the best way to prevent this exploit: go to sites you know you can trust, and sign out of pages you sign into.
