Heard of clickjacking? Your browser is under threat
Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash: you name it, and it is under threat from what is being referred to as clickjacking in the techie corridors.
If you haven't heard of it so far, blame it on the tech 'know-alls' who are trying to push the phenomenon under the rug, at least till they have a workable fix ready.
The severity of clickjacking, discovered by two researchers, Robert Hansen and Jeremiah Grossman, was first deliberated upon at the OWASP NYC AppSec 2008 Conference.
So, what exactly is Clickjacking? This is how it works. Every time, during your surfing spree, when you visit a malicious website, there are attackers on the prowl who can take control of your browsing profile. Once you are hooked, the bad guys can make you click on any link, any button, without your even knowing what hit you.
"The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you. It's a fundamental flaw with the way your browser works and cannot be fixed with a simple patch," according to Ryan Naraine, who is a social media enthusiast specializing in Internet and computer security issues.
He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the world.
So when you are under attack, you are not controlling what you surf; instead, you are being controlled by some bad guys with the worst intent.
What could that mean for an average surfer?
The threat is more pronounced for web pages where you can embed JavaScript, although JavaScript is not required to exploit this. The best bet is not to let yourself be framed (framebusting code), but an attacker can still force you to click any links on their page. Each click by the user equals a clickjacking click, so something like a Flash game is perfect bait. Even as the industry is working on finding the right fix, the only protection available right now is to disable browser scripting and plug-ins. Are you safe?
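The framebusting code mentioned above, sketched from the site owner's side as an added example (not code from this article or from the researchers). It assumes the page ships a `<style id="antiClickjack">` element that hides the body by default; that id and the function name are hypothetical.

```javascript
// Added example: framebusting for a page that should never be framed.
// Assumption: the page <head> contains
//   <style id="antiClickjack">body { display: none !important; }</style>
// so the content stays invisible until this check has passed.

function protectFromFraming(win) {
  var doc = win.document;

  if (win.self === win.top) {
    // Not framed: remove the hiding style so the page becomes visible.
    var guard = doc.getElementById('antiClickjack');
    if (guard && guard.parentNode) {
      guard.parentNode.removeChild(guard);
    }
    return 'visible';
  }

  // Framed by another page: try to replace the top-level page with this one.
  try {
    win.top.location = win.self.location.href;
    return 'busted';
  } catch (e) {
    // The browser refused the navigation. The hiding style is still in
    // place, so there is nothing visible for the user to be tricked into
    // clicking.
    return 'hidden';
  }
}

// Run in a browser; skipped where no window object exists.
if (typeof window !== 'undefined') {
  protectFromFraming(window);
}
```

Because the page is hidden by default, a visitor who has disabled scripting sees nothing rather than a frameable page.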
