What is Clickjacking? A Dangerous Web-based Threat You Need to Be Aware of

What is Clickjacking?

Web-based threats keep growing in number, complexity and variety. Given the state of affairs, the best we can do is sit down and read up on each of these types of threats.

A new variety is known as “clickjacking.” No internet browser is spared from this attack, and no browser presently comes with a way to protect the user from it. Clickjacking reportedly occurs when a user unwittingly clicks on an invisible area of the web page (an invisible button, perhaps) very close to the content the user has been viewing. The attacker can place this button, invisible though it is, anywhere on the page, and the user can then be mistakenly led to some other site, where the user can be made to do anything that might spell trouble.

What Makes it a Dangerous Threat?

The user is usually helpless in this case: once the invisible button is clicked, the action it triggers is forced on the user, and it is too late to undo anything that might have happened.

Apparently, the attack does not involve a code exploit such as running a JavaScript script. According to someone who attended the OWASP (Open Web Application Security Project) presentation, all browsers are affected, and the attack works even if you disable scripting in your browser.

With clickjacking, the attacker has total control over the scenario. The bad guy can exploit any link, button, or anything else on which you might click on any malicious web page. And you wouldn’t have a clue as to whether you have been compromised.

Clickjacking is now seen as one of the worst possible risks to have surfaced yet. It was first discovered by Jeremiah Grossman and Robert “RSnake” Hansen, who described it as “severely underappreciated and largely undefended.”

Adobe is apparently examining the problem, and the development teams of almost all the browsers have sat up and taken notice. Whether a proper antidote to this problem emerges, however, only time can tell.

This post is part of the series: Clickjacking

This time, the attacks go invisible. This series is all about clickjacking, the ways and means to battle it, and the latest news on what’s happening.

  1. Clickjacking: The One Internet Security Threat That Eclipses Other Threats
  2. Clickjacking: The Threat That’s Hiding Out in the Open