Wolfe, Daniel, American Banker
Byline: Daniel Wolfe
A software patch was released last week to address "clickjacking," which disguises a link to a malicious Web site as a link to a legitimate one.
Clickjacking, a method uncovered by researchers at SecTheory LLC and WhiteHat Security Inc., uses "iFrame" technology to put an invisible picture from one Web site, which acts as a link, over visible links to another, thus tricking people into clicking on the image instead of the desired link, The Washington Post's Brian Krebs wrote Monday in his "Security Fix" column.
Hackers could use this method to guide victims to sites that take over computers' Web cams, enabling the criminals to watch when people enter passwords and other personal information, the column said.
The patch for Adobe Systems Inc.'s Flash player can block clickjackers from gaining control of users' Web cams or microphones, Mr. Krebs wrote.
Web surfers are less vulnerable at sites that generate dynamic "session ID" addresses for each user, Robert Hansen, SecTheory's chief executive, told Mr. Krebs, since it is harder for the attacker to determine which pages are being viewed.
Mr. Krebs said that this technique is powerful but rare. "I am not aware of any malicious clickjacking attacks. I mention that not to belittle the threat from clickjacking, but as a reality check."
Is it ID Theft?
The Supreme Court has agreed to hear a case next year that centers on whether illegal immigrants who use stolen Social Security numbers to obtain employment, but not to steal money or obtain credit in the owners' names, are guilty of identity theft.
Federal prosecutors have charged many undocumented workers with aggravated identity theft, a charge that carries a possible prison term. Some defense lawyers have said their clients did not know that the numbers they were using belonged to real people, the Associated Press reported Monday.
"When a person makes up a Social Security number, having no idea whether it belongs to someone else ... it is hard to see how that conduct qualifies as 'theft,' much less as 'aggravated theft,' " said attorneys for Ignacio Carlos Flores-Figueroa, a Mexican national who was convicted of aggravated identity theft.
A St. Louis appeals court upheld his conviction. Appeals courts in Atlanta and Richmond have taken a similar stance, but appeals courts in Boston, San Francisco, and Washington have agreed with the defendants, the AP said.
No-Fly? No Problem
Airport security can be easily breached through well-known loopholes, according to Jeffrey Goldberg, a reporter who described his efforts to bring contraband on a plane in the November edition of The Atlantic.