Everyday we click on some kind of button in our Web browsers. It could be a simple "Yes" button to agree to something or a "submit" button for your password. But do you know what you're actually clicking? If you're not careful, you could become a victim of a clickjacking attack.

An attacker could potentially place a button under or over a legitimate button, making it difficult for users to detect. The mechanism for getting the malicious clickjack button in place could involve taking advantage of Adobe Flash as well as JavaScript.

Whitehat security founder Jeremiah Grossman gets the credit for reporting the clickjacking security issues to Adobe earlier this year. That led to an update for its Adobe Flash product. Grossman said latest Flash 10 player does a good job of protecting against clickjacking. 

Eric Lawrence, security program manager on Microsoft's Internet Explorer team, echoed Grossman's sentiment about the issue. Lawrence, who also participated in the live Black Hat Webinar, noted that IFRAMEs are critical for many mashup scenarios as well as some forms of Web advertising. Still, Lawrence added, focusing on IFRAME is important because if IFRAMEs can be better isolated than the risk from clickjacking can be mitigated.

"The clickjacking attack is a super interesting attack because it is one of the hardest things for a browser to address," Lawrence said. "Because it is essentially the browser working in the way it was designed and intended; there is a side effect that has a security impact that we now have to find a way to mitigate against. This is one of a few things ... putting the browser vendors on the defensive –where we have to find a way to not break the web while at the same time mitigating the vulnerability."

Just wait and see; e-criminals would tremble in fear of a true hero: George WWW Bush. But before the hope of tommorow saves the day, read the full article to learn what we're dealing with at present. Safe browsing everyone!