Clickjacking

Confused facebook user ...

Clickjacking

Post by Confused facebook user ... »

Hello, good afternoon/evening ...

I just logged off Facebook. While I was logged in I tried to use an application called Mesmo TV. When the Mesmo page popped up, it was accompanied by a NoScript window alerting me to a click jacking attempt. I wondered about the legitimacy of this attack, so I Googled it. When I came up empty-handed on my Google search ... I rushed over here to ask if there are ever any false positives with the click jacking attempts. I won't use this application [Mesmo TV] again till I hear someone tell me otherwise. Is Mesmo TV dangerous, or has it been hacked? Does anyone have any information?

Thank you in advance
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Clickjacking

Post by Alan Baxter »

Confused facebook user ... wrote: are ever any false positives with the click jacking attempts.
Sometimes there are, but usually the developer has to diagnose them. Check back later and see what he says. He might have some questions. If you register, you can subscribe to this topic and get a notification when someone replies. Could it be convenient for you to do that?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Clickjacking

Post by GµårÐïåñ »

Glad to have you here and hopefully Giorgio can speak to this directly himself, but in the meantime keep in mind that it's detecting what it finds or considers to be dangerous or potentially dangerous activity. So not a false positive per se but it could take a hit on a poorly written piece of code that might in its core not be dangerous but is acting badly or dangerously. Anyway, I think the man can speak better on this, although not too long ago I had this discussion with him in private and he was turned onto a lot of possibilities. I also don't have Facebook, so unfortunately I can't test or tell you specifically.

ADD: @Alan, sorry, I was writing this when you posted, I hadn't seen your post yet.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
HenryTheSavage
Posts: 2
Joined: Fri Mar 27, 2009 3:30 am

Re: Clickjacking

Post by HenryTheSavage »

Thank you all for your quick responses, yet you apologize for your tardiness. No apology necessary.

I have registered an account, and am anxious to learn more about this click jack threat that wants to make victims of all those unprepared souls navigating about these harmless pages.

In truth it was my wife who found this [Mesmo TV] attempt. I had found one two days earlier when I opened a notification about a "Facebook worm on the loose". I didn't know it was about a worm, or I'd have left it alone. Instead, it was an unmarked "New Post" [it appeared in my Notifications tab]. As it was coming from my sister-in-law I just opened it thinking it was something about her kids ... and BAM ... NoScript saved me once again. I think I knew enough to give the three-finger salute to reboot, clean up ... and change my passwords without keyboard input.

I have been against Facebook since its inception. Employers, thieves and perverts are few among the predators lurking out there ... they now have a giant database. I joined to help my friends and family battle their internet problems ... "Help I have a virus, but I only surf Facebook." So, like the trooper I am, I dove right in ....

Thanks again ...
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 (.NET CLR 3.5.30729)
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Clickjacking

Post by Alan Baxter »

HenryTheSavage wrote: Thank you all for your quick responses, yet you apologize for your tardiness. No apology necessary.

I have registered an account, and am anxious to learn more about this click jack threat that wants to make victims of all those unprepared souls navigating about these harmless pages.
You're welcome. Start here: http://hackademix.net/2008/10/08/hello- ... ckjacking/
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Clickjacking

Post by GµårÐïåñ »

HenryTheSavage wrote: I have been against Facebook since its inception. Employers, thieves and perverts are few among the predators lurking out there ... they now have a giant database. I joined to help my friends and family battle their internet problems ... "Help I have a virus, but I only surf Facebook." So, like the trooper I am, I dove right in ....
I don't like it or see a need for it and I think it's more destructive than good, but I edited that out of my last comment, hence why it took longer to write than normal because I didn't want to offend anyone, but for the most part, I agree with you.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Clickjacking

Post by Tom T. »

We complain about our loss of privacy (cookies, Flash LSO, DOM, etc. etc.), but put our entire private and family lives on the Net for anyone who can get to an internet connection? Hand it over on a silver platter? No, thank you. (same with MySpace, Twitter, etc.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Clickjacking

Post by GµårÐïåñ »

Tom T. wrote: We complain about our loss of privacy (cookies, Flash LSO, DOM, etc. etc.), but put our entire private and family lives on the Net for anyone who can get to an internet connection? Hand it over on a silver platter? No, thank you. (same with MySpace, Twitter, etc.)
Agreed, even with the ability to "lock" your profile, you are still putting too much about yourself in the hands of strangers running a server with no interest whatsoever about your privacy or what happens to you if that information is ever breached. I just don't get the fascination with MySpace, Facebook, Twitter, this and that, I mean don't people have lives and better things to do with their time? BTW, this is MY opinion and in no way intended to offend anyone who uses these services or in any way pass judgment. :roll:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
therube
Ambassador
Posts: 7929
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Clickjacking

Post by therube »

Is the Clickjacking warning repeatable? If so, use the ClearClick reporting tool.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22pre) Gecko/20090327 SeaMonkey/1.1.16pre
HenryTheSavage
Posts: 2
Joined: Fri Mar 27, 2009 3:30 am

Re: Clickjacking

Post by HenryTheSavage »

Hey, I managed to get a repeat offense with Mesmo TV via Facebook. I pressed the report button.

Thanks again for all the wonderful help, as well for the excellent references.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Clickjacking

Post by GµårÐïåñ »

HenryTheSavage wrote: Hey, I managed to get a repeat offense with Mesmo TV via Facebook. I pressed the report button.

Thanks again for all the wonderful help, as well for the excellent references.
Cool, now we see what Giorgio figures out. I sent him an unrelated one too, hoping to see what he thinks about it as well.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8