‘Click Jacking’ is the latest browser-based security problem. Since it’s entirely browser based it affects everyone, regardless of their operating system. This is a cross-browser problem and also affects Flash. Its very simple to understand how it works. The basic purpose of clickjacking is to trick people into clicking on something the attacker want them to click on but user don’t want to click on.
This attack uses CSS and iFrames to place invisible content over visible buttons or links. Imagine your webcam and mic turned on by a click on some website and the attacker is spying on you through your own mic and webcam. Since the attack is running in your browser the attacker has access to anything you’re logged in to. They could hijack your clicks to reprogram your router, mess with your FaceBook profile, or interact with your online banking! The only slight silver lining is that attacks are limited to things that can be done by clicking.
Regarding protection against the hack, the only authenticated solution is NO SCRIPT, which is a browser plugin in firefox. You have to configure it as the default settings so it provides protection against IFRAME. Just open the options of the NO SCRIPT and in “Plugins” tab, click “Forbid “. This will do the job.
mgm
I sometimes get a warning message from no script about “possible click jacking attempt” when I click somewhere on certain pages. You are right that the content is not visible and I intended to click somewhere else.
1. I wanted to know that is it damaging my computer files or data or is it just hacking my resources?
2. when I have closed the browser or restarted my PC, is anything still inside my PC left by a previous click-jacked session?
3. What are experts doing about it? now that we are seeing web 2.0 almost everywhere….. is it not going to bring in more threats in future? I just wanted to know about the future trends. What other resources are there to know more about it?
these were just few random thoughts. Can anyone put some light on these?
Face Ajan