developersarena catering techies

This one scares me.  Click jacking essentially is where various vulnerabilities in browser, OS and the Flash player allow a malicious user to use your camera and microphone without your knowledge.  There are many variations on it, but today Adobe released an advisory statement on the implications within the Flash player, and now the beans are officially spilled.I first read about it via Jeremiah Grossman’s blog, and then quickly thereafter on ha.ckers.org.  The definitive proof of concept can be found at guya.net, and all things considered I actually have a Post It note over my camera at the moment.These sources cover it much better then I could, but let me just say that what scares me mostly is the variety with which this can be executed.  Javascript, CSS, iFrames, known browser or OS vulnerabilities.  The only current (practical) way to protect one’s self is to cripple plugins (in todays world of YouTube… I don’t see that happening) or to permanently change the security permissions of the Flash player (Adobe’s instructions), probably needing to cripple them, otherwise one could get clickjacked back into restoring them.Even more terrifying is what a hacker would have seen and heard coming from my office this morning.  I’ll spare you the visuals, but it would have sounded like “Meow, meow, meow, meeeeeeoooowwwwwww!” and then “who’s a frisky girl… who’s a frisky girl”, followed by my cat making a nice big scratch under my eye…