Clickjacking: A Serious Threat

I spend more time than I care to these days helping people recover control of their computer from trojans and viruses. It has become almost impossible to know whether a website is safe from malware or not. Part of the reason for that is a technique called clickjacking. Here's an excerpt from a good article on the subject.

The clickjacking concept is nothing new, but the threat that Grossman and Hansen discovered is. It spans multiple browser families and doesn’t even require that a user click on anything. Just loading a compromised page sets off the attack, and clicking on that page will likely make things worse for the victim, they say. “And whether JavaScript is on or off, it will affect you,” he says.

The attacker can slide any malware underneath the mouse such that the user has no idea he or she is in the danger zone. So on the Website, a user could click on a bad link chosen by the attacker and the user would have no clue because the URL is invisible to them. A commonly used button on a Website could be loaded with this attack, for example, so that the user would be most likely to click on it and then get further compromised, the researchers say.

How do I avoid the threat of clickjacking? I almost exclusively use Firefox for random web browsing. There's a plug-in available called NoScript that lets you turn off scripting on sites you haven't trusted and, more to the point for clickjacking, block plugin content and IFRAMEs on a per-site basis. That second part matters: as the article notes, the attack works whether JavaScript is on or off, because it relies on loading the target page inside an invisible frame rather than on running script. Here's more on the subject from the same article.

Henry says Firefox 3.0.3 with a plugin called NoScript "absolutely rocks and is my browser of choice."

NoScript is a Firefox plugin that, among other things, performs whitelisting of trusted sites, letting them run JavaScript and plugin content, but can also ban plugins and IFRAMEs on trusted sites as needed, says Giorgio Maone, a security expert who wrote NoScript. It basically lets the user click to enable these features on trusted sites and then "learns" those choices so that it does so automatically.

