You Could be Getting Clickjacked

Phishing, online fraud, spam and now clickjacking: it's just not safe to go online anymore! But hey, I'm still keeping the faith because soon-to-be unemployed president Bush could make a dazzling career move. After he gained extensive experience from masterminding the "War on Terrorism", he would be the perfect commanding chief for the "War against Internet Crime"! He's gonna get 'em!

(By Sean Michael Kerner) If you're not careful about where you click, you could become a victim of a clickjacking attack.

Every day we click on some kind of button in our Web browsers. It could be a simple "Yes" button to agree to something or a "submit" button for your password. But do you know what you're actually clicking? If you're not careful, you could become a victim of a clickjacking attack.

An attacker could potentially place a button under or over a legitimate button, making it difficult for users to detect. The mechanism for getting the malicious clickjack button in place could involve taking advantage of Adobe Flash as well as JavaScript.

WhiteHat Security founder Jeremiah Grossman gets the credit for reporting the clickjacking security issues to Adobe earlier this year. That led to an update for its Adobe Flash product. Grossman said the latest Flash 10 player does a good job of protecting against clickjacking.

Eric Lawrence, security program manager on Microsoft's Internet Explorer team, echoed Grossman's sentiment about the issue. Lawrence, who also participated in the live Black Hat Webinar, noted that IFRAMEs are critical for many mashup scenarios as well as some forms of Web advertising. Still, Lawrence added, focusing on IFRAMEs is important because if IFRAMEs can be better isolated, then the risk from clickjacking can be mitigated.

"The clickjacking attack is a super interesting attack because it is one of the hardest things for a browser to address," Lawrence said. "Because it is essentially the browser working in the way it was designed and intended; there is a side effect that has a security impact that we now have to find a way to mitigate against. This is one of a few things ... putting the browser vendors on the defensive – where we have to find a way to not break the web while at the same time mitigating the vulnerability."
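
A site can ask the browser for the kind of IFRAME isolation Lawrence describes through its response headers. The check below is an added example, not part of the original article: it assumes the `X-Frame-Options` header and the CSP `frame-ancestors` directive (neither is named in the article), and `framingPolicy()` and the sample responses are constructed for illustration.

```javascript
// Added example: decide from response headers whether other sites may frame a page.
// framingPolicy() and SAMPLES are constructed for illustration.
function framingPolicy(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors is checked first: browsers that support it ignore
  // X-Frame-Options when the directive is present.
  for (const directive of (h["content-security-policy"] || "").split(";")) {
    const [name, ...srcs] = directive.trim().toLowerCase().split(/\s+/);
    // Directives without sources are not counted as protection (conservative).
    if (name !== "frame-ancestors" || srcs.length === 0) continue;
    if (srcs.length === 1 && srcs[0] === "'none'")
      return { restricted: true, via: "csp", allows: "none" };
    // A wildcard or scheme-only source lets any site frame the page.
    if (srcs.some((s) => s === "*" || s === "http:" || s === "https:"))
      return { restricted: false, via: "csp", allows: "any" };
    const allows = srcs.every((s) => s === "'self'") ? "same-origin" : "listed";
    return { restricted: true, via: "csp", allows };
  }

  // Fallback: X-Frame-Options. Only a single DENY or SAMEORIGIN is relied on here;
  // ALLOW-FROM is obsolete and ignored by current browsers.
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { restricted: true, via: "xfo", allows: "none" };
  if (xfo === "SAMEORIGIN") return { restricted: true, via: "xfo", allows: "same-origin" };
  return { restricted: false, via: "none", allows: "any" };
}

// Constructed sample responses.
const SAMPLES = {
  bank: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  widget: { "content-security-policy": "frame-ancestors 'self' https://partner.example" },
  legacy: { "X-Frame-Options": "sameorigin" },
  obsolete: { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
  open: { "Content-Security-Policy": "frame-ancestors https:", "X-Frame-Options": "DENY" },
  bare: { "Content-Type": "text/html" },
};

for (const [name, hdrs] of Object.entries(SAMPLES))
  console.log(name, JSON.stringify(framingPolicy(hdrs)));
```

The `open` sample shows the case that is easy to miss: a permissive `frame-ancestors` value leaves the page frameable even though `X-Frame-Options: DENY` is also sent.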

Just wait and see; e-criminals would tremble in fear of a true hero: George WWW Bush. But before the hope of tomorrow saves the day, read the full article to learn what we're dealing with at present. Safe browsing everyone!
