Clickjacking - Rampant and Here to Stay

Written by: Yolander • Edited by: Bill Bunter • Updated: 5/7/2010

Clickjacking is a huge security concern for small businesses. Luckily, there is something you can do to protect your company.

Whether you've heard about it or not, clickjacking has been an internet security concern for several years. Clickjacking is a method of hijacking your internet clicks by placing a transparent link on top of the link you intend to click. This hijacks your click and brings you to a page you never intended to visit.

Imagine visiting your bank's website. You click a link that says “Log On” and you are brought to a page that purports to be the portal to your bank account. You type in your user name and password and click the “Submit” button, all the while under the assumption that you are sending this information to your financial institution. Too late, you realize that the first link you clicked was clickjacked and, instead of logging in to your bank account, you have given strangers complete access to your business' financial information.

Software developer Giorgio Maone, creator of the site writes that “The worst part is that a Clickjacking attack doesn't leave any trace, because it appears just like a legit navigation action from the victimized user, so this threat is doomed to remain also numerically underestimated, giving even less incentive for a (very difficult) fix.” While Maone acknowledges that it is impossible to prevent yourself from being clickjacked without some type of add-on software, he does offer a solution of sorts: “at this moment Clickjacking is very real, every browser is vulnerable and the only viable protection is ClearClick.” Thankfully, a popular open source plugin, recently added ClearClick to its add-on. Noscript is a free, downloadable add-on that allows page plugins like Java to execute only on those websites that the user has deemed “trusted.” The addition of ClearClick helps users recognize potentially hijacked links before they are transported to the hijacking web page.

ClearClick recognizes when a link you click has been fully or partially obstructed. When this happens, a warning message pops up declaring that ClearClick has “intercepted a mouse or keyboard interaction with a partially hidden element.” ClearClick then gives you the ability to move your cursor between the possible clickjacking link and the link you originally intended to click. You can then find your way around the obstruction and proceed to the page you wish to visit.
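To make the idea of a "partially hidden element" concrete, here is an added illustration that is not NoScript's or ClearClick's own code. It is a simplified geometric model: the layer rectangles, stacking order, opacity threshold and all names are assumptions made for the example.

```javascript
// Added illustration; a simplified geometric model, not NoScript/ClearClick code.
// A layer is a rectangle with a stacking order (z) and an opacity (0..1).
function contains(l, x, y) {
  return x >= l.x && x < l.x + l.w && y >= l.y && y < l.y + l.h;
}

// Fraction of target's area that `other` overlaps (0 if they do not intersect).
function overlapRatio(target, other) {
  const w = Math.min(target.x + target.w, other.x + other.w) - Math.max(target.x, other.x);
  const h = Math.min(target.y + target.h, other.y + other.h) - Math.max(target.y, other.y);
  return w > 0 && h > 0 ? (w * h) / (target.w * target.h) : 0;
}

// Classify a click at (x, y). minOpacity is an assumed visibility threshold.
function checkClick(layers, x, y, minOpacity = 0.1) {
  const hit = layers.filter(l => contains(l, x, y)).sort((a, b) => b.z - a.z);
  if (hit.length === 0) return { verdict: "no-target" };
  const receiver = hit[0];                              // topmost layer receives the click
  const seen = hit.find(l => l.opacity >= minOpacity);  // topmost layer the user can see
  if (!seen || seen.id !== receiver.id) {
    return { verdict: "hidden", receiver: receiver.id, seen: seen ? seen.id : null };
  }
  // Receiver is visible at the click point; do opaque layers above cover part of it?
  const covered = layers
    .filter(l => l.z > receiver.z && l.opacity >= minOpacity)
    .reduce((max, l) => Math.max(max, overlapRatio(receiver, l)), 0);
  return covered > 0
    ? { verdict: "partially-hidden", receiver: receiver.id, covered }
    : { verdict: "clear", receiver: receiver.id };
}

// Constructed sample pages (not taken from any real site).
const overlaidPage = [
  { id: "log-on-link", x: 10, y: 10, w: 100, h: 30, z: 1, opacity: 1 },
  { id: "transparent-link", x: 10, y: 10, w: 100, h: 30, z: 2, opacity: 0 },
];
const coveredPage = [
  { id: "framed-button", x: 0, y: 0, w: 100, h: 40, z: 1, opacity: 1 },
  { id: "cover", x: 0, y: 0, w: 60, h: 40, z: 2, opacity: 1 },
];
const plainPage = [{ id: "log-on-link", x: 10, y: 10, w: 100, h: 30, z: 1, opacity: 1 }];

console.log(checkClick(overlaidPage, 50, 20));
console.log(checkClick(coveredPage, 80, 20));
console.log(checkClick(plainPage, 50, 20));
```

The first sample is the transparent-link case described earlier in the article, the second is an element that is visible where you click but partly covered elsewhere, and the third is an ordinary unobstructed link.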

Through ClearClick, Noscript offers an easy-to-maneuver warning system to help web users avoid being clickjacked. Its simple interface and open source availability make ClearClick a clear choice in the battle against internet ne'er-do-wells.