If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)

Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

hought that was a CAPTCHA? R is for run

01-07-2013 10:31AM

#1

Capt'n Midnight

Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 94,818 Mod ✭✭✭✭

Join Date: March 2003

Posts: 93055

http://www.theregister.co.uk/2013/07/01/keyjacking_attack_targets_letter_r_captchas/

The so-called keyjacking technique, uncovered by Italian security researcher Rosario Valotta, is similar to clickjacking. However, instead of fooling marks into generating fake Facebook likes, the keyjacking involves disguising a "run executable" dialogue box within a CAPTCHA challenge.
...
"The attack technique allows for remote code execution on Internet Explorer and Google Chrome with a minimum user interaction. I'm actually talking of typing one key [on IE] or making one click [on Chrome]," Valotta told El Reg.

2