Don't Click Twice
I'm surprised that no one is talking about this hack attack, which I learned about reading in a Forbes cybersecurity article on Jan 5th here at the following URL:
which may be blocked by a paywall if you don't have a Forbes subscription. I saved off an attached PDF with this post if you are blocked.

As I understand, ClickJacking has been around for quite some time and most browsers have native built-in protection for this. The new twist takes this devious hack to the next level, calling it Double ClickJacking. "This entirely new threat surface is exposed by the fact that hackers can trick the user of almost any website and almost any web browser into clicking something without even realizing they are doing it." or if a user is prompted to double-click on a prompt.

iFrames, a window inside or on top of another window, are employed in some of these hacks. Other methods include a variety of diabolical schemes that are very concerning, if true.

The good news, however, unless I am misinterpreting the 30,000' view, is that "the user is asked to double-click on a prompt" is easy enough to avoid. Just never double-click. But is it that simple? I read the article three times but I'm not convinced by the Double ClickJacking hack solution of simply never double-clicking.

Is it that simple or does the article imply that the hack threat goes far beyond this simple interpretation?

TIA,
John
|
One, this and other articles are only about a week old. Two, since you generally need a password to take over an account, it sounds like it is time to turn off auto-fill on your various password managers. If number 2 is correct, I saw this coming a long time ago.

On my iPhone Xr

On Jan 10, 2025, at 11:34, John via groups.io <OceanCity@...> wrote:
|
On Jan 10, 2025, at 5:01 PM, Brent via groups.io <whodo678@...> wrote:
> One, this and other articles are only about a week old.

Thank you Brent for your awareness of this issue. I have all auto-fill prefs turned off on all apps, browsers, etc., for this and all the other obvious reasons.

The article is ambiguous, and I can't find any corroborating details on what to be aware of. The article is quite vague on details. But my question remains. Can the hack work if the user does _not_ double-click? Not panicking. Just want to get the facts straight.

Cheers,
John
|
I didn’t and don’t read tech articles on non-tech publications. You might for financial reasons, just not for tech operation reasons. I saw several hits on a couple more tech related sites, but few. They, too, were vague, and all within the week.

On my iPhone Xr

On Jan 10, 2025, at 19:14, John via groups.io <OceanCity@...> wrote:
|
On Jan 11, 2025, at 12:10 AM, Brent via groups.io <whodo678@...> wrote:
> I didn’t and don’t read tech articles on non-tech publications. You might for financial reasons, just not for tech operation reasons.

Brent,

Yup. Great point. I'm kind of laughing now why I didn't adopt that perspective the way you did, especially considering my skepticism in just about all "news" reports, hence my post questioning the importance, or lack thereof, of this sketchy article.

Still not really that concerned. Just curious. I have not heard of any other or new reports regarding this so-called Double ClickJacking hack. Perhaps it was a slow news day over there at Forbes, LOL. Just need to stay aware and vigilant at all times.

Cheers,
John
|
I just make it a habit to double check the source of news for reliability and slant. It is documented that William Randolph Hearst started a war to sell more newspapers, so this is nothing new. The only difference between him and PT Barnum is that Barnum did it to sell more entertainment and no one died.

On my iPhone Xr

On Jan 11, 2025, at 07:48, John via groups.io <OceanCity@...> wrote:
|
On Jan 11, 2025, at 3:40 PM, Brent via groups.io <whodo678@...> wrote:
> It is documented that William Randolph Hearst started a war to sell more newspapers, so this is nothing new. The only difference between him and PT Barnum is that Barnum did it to sell more entertainment and no one died.

“Always make sure you make more money selling your advice, than following it.” ~Steve Forbes

Cheers,
John
|
On Jan 10, 2025, at 11:34 AM, John via groups.io <OceanCity@...> wrote:

It sounds like you are talking about actual malicious Web sites. No one bothers to create those anymore, because they usually get blacklisted the same day that they go up. Just about every single Web browser out there now includes Google Safe Browsing to protect you from them. GSB is a built-in bit of technology to protect you from poisoned Web sites, drive-by downloads, and phishing sites, etc. It uses a constantly updated blacklist of malicious Web sites.

__________________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
Essential But Hard To Find Macintosh Software and Advice
__________________________________________________
|
On Jan 16, 2025, at 7:08 AM, Randy B. Singer via groups.io <randy@...> wrote:
> It sounds like you are talking about actual malicious Web sites.

Yup. This is Website directed malware that I was reading about. Thank you for clarifying, and sharing the links.

All the best,
John