ClearClick warning from playstation.com

Guest · Post by **Guest** » Mon Sep 07, 2009 10:45 pm

Anyone get a ClearClick warning when trying to log into http://www.us.playstation.com/ with a PSN account? I suspect it's just the way the site is coded, but I figured I'd ask anyway...

Post by **Alan Baxter** » Mon Sep 07, 2009 11:44 pm

Sorry, guest, I don't have an account. Do you get a ClearClick warning when trying to log into http://www.us.playstation.com/ with a PSN account? Cick in the center of the ClearClick Warning popup to toggle between the view with the red border and the view with the green border. If they're essentially the same, then it's probably not a real attack, but just a quirk like you suspect. In any event, could you please press the Report button and post the Report ID here. Does it happen as when press the Sign In button after you enter your login information, or does it happen when you're doing something else.

http://noscript.net/faq#qa7_4

ClearClick does the opposite: whenever you click a plugin object or a framed page, it takes a screenshot of it alone and opaque (i.e. an image of it with no transparencies and no overlaying objects), then compares it with a screenshot of the parent page as you can see it. If the two images differ, a clickjacking attack is probably happening and NoScript raises a "ClearClick warning", showing you the contextualized and "clear" object you were about to click, so you can evaluate by yourself if that was really something you wanted to do.

Guest · Post by **Guest** » Wed Sep 09, 2009 12:33 pm

Turns out it's a little more tricky to trigger the warning than I thought. The warning appears when you enter incorrect login credentials AND use the Enter/Return key to submit the form. Clicking the Sign In button will not trigger it. Giving proper credentials will not trigger it either (I originally received it because I was repeatedly entering the wrong password.) Report ID 362893.

Clicking the image within the warning to toggle between green and red borders shows the same image shifted vertically by one pixel.

Post by **Alan Baxter** » Wed Sep 09, 2009 2:07 pm

Guest wrote:Clicking the image within the warning to toggle between green and red borders shows the same image shifted vertically by one pixel.

Looks like it's not an attack then. Thank you for the detailed report.

InformAction Forums

ClearClick warning from playstation.com

ClearClick warning from playstation.com

Re: ClearClick warning from playstation.com

Re: ClearClick warning from playstation.com

Re: ClearClick warning from playstation.com