Leave a comment

Clickjacking: The One Internet Security Threat That Eclipses Other Threats

Written by:  • Edited by: Aaron R.
Updated Dec 3, 2009 • Related Guides: Javascript | Web | Internet Security Threats

Are you up-to-date on all possible Internet security threats? Could you possibly imagine that despite all of the precautions you would have taken to battle the looming security problem online, you might still be vulnerable simply because you have no clue what you could be clicking on next? Read on.

What is Clickjacking?

The number of web-based threats just seems to be growing in complexity and variety. Looks like the best we could do, given the state of affairs is to actually sit down and read up on all of these various types of threats.

A new variety is known as “Clickjacking.” No internet browser is spared from the viciousness of this attack and no browser presently comes with a way to protect the user from the possible jeopardy. Clickjacking reportedly occurs when a user unwarily clicks on an invisible area on the web page (an invisible button, perhaps) somewhere very much in the vicinity of the content the web user has been viewing. This button, invisible though it might be, can be placed anywhere by the attacker and then the user could be mistakenly led to some other site where the user can be made to do anything that might spell trouble in the usual sense.

What Makes it a Dangerous Threat?

The user is usually helpless in this case since the action required of her would be too late to be reversed once the invisible button is clicked. These actions would be forced on the user and it will be too late to undo anything that might have happened.

Apparently, the attack does not involve a code exploit like running a javascript script. According to someone who had visited the OWASP (Open web Application Security Project) presentation, all browsers are affected and it would happen even if you were to disable scripting in your browser.

With Clickjacking, the attacker has total control over the scenario. The bad guy can exploit on any link, button, or anything else you on which you might click on any malicious web page. And you wouldn’t have a clue as to whether you have been compromised.

Clickjacking is now seen as one of the worst possible risks to have surfaced yet, and was first discovered by Jeremiah Grossman and Robert “Rsnake” Hansen who described it as “Severely underappreciated and largely undefended”.

This problem is being examined by Adobe apparently and the development teams of almost all the browsers have sat up and taken notice. However, what would happen to the state of a proper anti-dote to this problem, only time can tell.

Next Article »
Clickjacking
This time, the attacks go Invisible. This series is all about clickjacking, ways and means to battle it and latest news on what's happening.
 
blog comments powered by Disqus
Security & Privacy
FEATURED AUTHORS
Sheila Robinson Tony Bradley Michele McDonough Anurag Ghosh
Bill Fulks Joli Ballew Nicholas Chris Orr
Most Popular Articles
Email to a friend