Main menu:

Translator

English flagItalian flagKorean flagChinese (Simplified) flagPortuguese flag
German flagFrench flagSpanish flagJapanese flagArabic flag
Russian flagGreek flagDutch flagBulgarian flagCzech flag
Croat flagDanish flagFinnish flagHindi flagPolish flag
Swedish flag    
By N2H

Rss Feeds

  Articles Rss Feed

  Article Comments Feed

Site search

Categories

Archives

The Latest Threat: Clickjacking

Learn More About Clickjacking

Tech news sites such as ZDnet have reported that clickjacking is a potentially seriously threat that can affect any browser.

What is Clickjacking

Briefly, clickjacking is accomplished by a malicious page hiding behind what appears to be a safe page. When you click an item on the supposedly safe page, your computer is clickjacked by malicious code which then hijacks your pc’s accessories or other components.This takes place without your knowledge.

Generally, webcams are hijacked, but clickjacking is not limited to affecting a cam. For instance, your microphone or sound system can be exploited, or your computer can be taken over in other ways.

Adobe’s Flash Player was especially vulnerable to clickjacking, but Adobe has come out with a fix to address the issue.

Is This Only an Explorer or Firefox Problem?

Clickjacking is a cross-browser malicious code, which affects virtually all Internet browsers. Merely disabling javascript will not fix it.

A “No Script” add-on that works with Firefox is the only known solution.

Problems with the Clickjacking Fix

After using No Script for a week or so, I disabled it because it made web surfing a chore. Virtually every site I visited was partially blocked due to a YouTube video, javascript code or ad embedded on the page.  For instance, the following were all blocked by No Script:

  • Google Analytics
  • Pepperjam network
  • Peelaway Ads
  • Voxant’s newsroom
  • Chitika
  • and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).

There’s a little bit of good news for Google publishers and advertisers. Adsense is automatically whitelisted by the No Script add-on.   Most of the others need to be manually whitelisted and it is unlikely that the average Internet user is going to do so.

If clickjacking is indeed a serious threat and script blocking solutions are the only way to fight back, then I can see online advertising taking a big hit. Adserver Plus and other heavy hitting advertising networks were blocked by the Firefox add-on.

Conclusion:  Maybe the Threat is Overrated

My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven’t been hit by any type of clickjacking activities. It is possible that the threat is not as bad as some would claim.

The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.

Popularity: 11% [?]

StumbleUpon It!

Posted: October 28th, 2008 under Adsense Exposed.
Tags: , , , ,

« Previous post Next post »

Write a comment

You need to login to post comments!