Be Wary of ClickjackingCategory: Internet
Posted: October 8, 2008 07:40PM
There's a new threat making its rounds across the Internet. Dubbed "clickjacking," it's when a web site dupes surfers into revealing confidential information while clicking seemingly innocent links. The vulnerability exists in Internet Explorer, Firefox, Opera, Safari, Chrome, and Adobe flash player; in other words, practically everyone is at risk. Unfortunately there's no clear solution. According to Giorgio Maone, author of Firefox extension NoScript, "there are literally infinite ways to implement such an attack." As such, he predicts that until existing web standards are changed, we won't see any real solution. For now, you may want to disable your webcam and microphone while browsing the web...taking control of those devices is one of the things a clickjack can accomplish. Or, if you're a Firefox user, you can get the newest version of NoScript, which includes the new "ClearClick" feature. When enabled, it'll display a warning message if it detects a hidden, embedded element withint the web page.