InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

ClearClick warning from playstation.com

https://forums.informaction.com/viewtopic.php?t=2554

Page 1 of 1

ClearClick warning from playstation.com

Posted: Mon Sep 07, 2009 10:45 pm
by Guest
Anyone get a ClearClick warning when trying to log into http://www.us.playstation.com/ with a PSN account? I suspect it's just the way the site is coded, but I figured I'd ask anyway...

Re: ClearClick warning from playstation.com

Posted: Mon Sep 07, 2009 11:44 pm
by Alan Baxter
Sorry, guest, I don't have an account. Do you get a ClearClick warning when trying to log into http://www.us.playstation.com/ with a PSN account? Cick in the center of the ClearClick Warning popup to toggle between the view with the red border and the view with the green border. If they're essentially the same, then it's probably not a real attack, but just a quirk like you suspect. In any event, could you please press the Report button and post the Report ID here. Does it happen as when press the Sign In button after you enter your login information, or does it happen when you're doing something else.

http://noscript.net/faq#qa7_4
ClearClick does the opposite: whenever you click a plugin object or a framed page, it takes a screenshot of it alone and opaque (i.e. an image of it with no transparencies and no overlaying objects), then compares it with a screenshot of the parent page as you can see it. If the two images differ, a clickjacking attack is probably happening and NoScript raises a "ClearClick warning", showing you the contextualized and "clear" object you were about to click, so you can evaluate by yourself if that was really something you wanted to do.

Re: ClearClick warning from playstation.com

Posted: Wed Sep 09, 2009 12:33 pm
by Guest
Turns out it's a little more tricky to trigger the warning than I thought. The warning appears when you enter incorrect login credentials AND use the Enter/Return key to submit the form. Clicking the Sign In button will not trigger it. Giving proper credentials will not trigger it either (I originally received it because I was repeatedly entering the wrong password.) Report ID 362893.

Clicking the image within the warning to toggle between green and red borders shows the same image shifted vertically by one pixel.

Re: ClearClick warning from playstation.com

Posted: Wed Sep 09, 2009 2:07 pm
by Alan Baxter
Guest wrote:Clicking the image within the warning to toggle between green and red borders shows the same image shifted vertically by one pixel.
Looks like it's not an attack then. Thank you for the detailed report.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited