All Browsers Potentially Threatened by Clickjacking

November 16, 2008 | By admin In Uncategorized |

Learn More About Clickjacking

ZDnet and other technical news sites have reported that clickjacking — a potentially serious threat — can affect any browser.

Clickjacking in a Nutshell

Briefly, clickjacking is accomplished by a malicious page hiding behind what appears to be a safe page. When you click an item on the supposedly safe page, your computer is clickjacked by malicious code which then hijacks your pc’s accessories or other components.  This occurs without your knowledge.

Typically, clickjacking will affect webcams, but it can also hijack other areas of your computer. For instance, your microphone or sound system can be exploited, or your computer can be taken over in other ways.

Particularly vulnerable to clickjacking was Adobe’s Flash Player, but Adobe has issued a fix that addresses the issue.

What Browsers are Safe?

Clickjacking is a cross-browser threat, meaning that the malicious code can affect Internet Explorer, Firefox, Chrome or any other Internet borwser. Merely disabling javascript will not fix it.

The only known solution is a “No Script” add-on that works with Firefox.

Problems with the Clickjacking Fix

After using No Script for a week or so, I disabled it because it made web surfing a chore. Every site I visited was blocked to some degree because of YouTube videos, javascript coding or ads installed on the page.  For instance, the following were all blocked by No Script:

  • Google Analytics
  • Pepperjam network
  • Peelaway Ads
  • Voxant’s newsroom
  • Chitika
  • and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).

One of the few ad networks automatically whitelisted by the No Script add-on is Google’s Adsense. Most of the others have to be manually whitelisted. It is highly unlikely that the average Internet user will do so.

If clickjacking is indeed a serious threat and script blocking solutions are the only way to fight back, then I can see online advertising taking a big hit. Adserver Plus and other heavy hitting advertising networks were blocked by the Firefox add-on.

Conclusion:  Maybe the Threat is Overrated

My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven’t been hit by any type of clickjacking activities. Perhaps the threat is not as serious as some would claim.

The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • bodytext
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • blinkbits
  • BlinkList
  • blogmarks
  • Blue Dot
  • Bumpzee
  • co.mments
  • Fark
  • feedmelinks
  • Fleck
  • Furl
  • Internetmedia
  • Linkter
  • MyShare
  • NewsVine
  • description
  • Smarking
  • StumbleUpon
  • Technorati
  • Webnews.de
  • Wikio
  • YahooMyWeb

Other Related Posts:

No related posts

No Comments

Leave a reply