What is clickjacking:
Clickjacking is a portmanteau of the words click & hijacking.
It is a malicious web coding technique that presents people with graphics to click on that actually do something other than what they appear to be intended for, much like a trojan.
A clickjacking page tricks a user into performing undesired actions by clicking on a concealed link.
How it works:
This attack is not specific to any operating system (e.g. Windows, Mac, Linux etc.); it is a browser-based attack, so every internet browser is affected.
There is an invisible layer of code that determines what will actually happen when you click on the visible buttons, which are generally presented as common ‘submit’, ‘click here’ or even ‘Cancel’ buttons.
Hackers usually use JavaScript or Adobe Flash (formerly Macromedia Flash) to launch such an attack as they are easily exploitable. It is possible for a malware author to create a Flash game that prompts you to click on items as they appear on the screen, but in the background you are authorizing the remote system to access your webcam and microphone!
JavaScript and Adobe Flash are used by many websites for legitimate purposes, so disabling them in your browser will stop clickjacking attempts, but it isn’t very practical if you want the functionality that many websites offer (like site search, web forms, etc.).
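The invisible layer described above can be spotted by looking for a near-transparent frame stacked on top of a visible button. The following is an added example, not code from the original article; the element record shape, the field names and the 0.1 opacity threshold are assumptions, and the sample layout is constructed.

```javascript
// Added illustration: flag near-invisible frames stacked over visible click targets.
// Elements are plain records (assumed shape) so this runs in Node without a DOM; in a
// browser the same fields could be read with getBoundingClientRect() and getComputedStyle().
const OPACITY_THRESHOLD = 0.1; // assumption: below this a frame is effectively invisible

// Area of the intersection of two rectangles {x, y, w, h}; 0 when they do not overlap.
function overlapArea(a, b) {
  const w = Math.min(a.x + a.w, b.x + b.w) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.h, b.y + b.h) - Math.max(a.y, b.y);
  return w > 0 && h > 0 ? w * h : 0;
}

// One finding per (hidden frame, visible control) pair where the frame sits above
// the control and would receive the click instead of it.
// Simplification: zIndex values are compared directly, ignoring CSS stacking contexts.
function findClickjackOverlays(elements) {
  const frames = elements.filter(
    (e) => e.tag === "iframe" && e.opacity < OPACITY_THRESHOLD && e.pointerEvents !== "none"
  );
  const controls = elements.filter(
    (e) => (e.tag === "button" || e.tag === "a") && e.opacity >= OPACITY_THRESHOLD
  );
  const findings = [];
  for (const frame of frames) {
    for (const control of controls) {
      const area = overlapArea(frame.rect, control.rect);
      if (area > 0 && frame.zIndex > control.zIndex) {
        // covered = fraction of the visible control lying under the hidden frame
        findings.push({ frame: frame.id, control: control.id,
                        covered: area / (control.rect.w * control.rect.h) });
      }
    }
  }
  return findings;
}

// Constructed sample layout: a visible button under a transparent frame, a normal
// visible video frame, and a link that nothing overlaps.
const samplePage = [
  { id: "play-btn", tag: "button", opacity: 1, zIndex: 1, pointerEvents: "auto",
    rect: { x: 100, y: 200, w: 120, h: 40 } },
  { id: "hidden-frame", tag: "iframe", opacity: 0, zIndex: 10, pointerEvents: "auto",
    rect: { x: 80, y: 180, w: 300, h: 100 } },
  { id: "video-embed", tag: "iframe", opacity: 1, zIndex: 5, pointerEvents: "auto",
    rect: { x: 100, y: 400, w: 300, h: 200 } },
  { id: "help-link", tag: "a", opacity: 1, zIndex: 1, pointerEvents: "auto",
    rect: { x: 500, y: 200, w: 60, h: 20 } },
];

console.log(findClickjackOverlays(samplePage));
```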
How to mitigate this attack:
The best tool for protecting yourself from rogue scripts is called NoScript ( http://noscript.net/getit ) and is a free add-in for Mozilla’s Firefox browser. Unfortunately it’s not available for Windows Internet Explorer or Google Chrome.
NoScript is a tool that basically stops all scripts from running until the user says it is OK to run them, so in the early stages after installing this tool, you will have to approve the running of scripts on every website that you visit in order to make full use of each site.
Users should also update their Adobe Flash Player plugins as well as the web browsers they are using, as the latest versions of this software plug such exploits ( http://get.adobe.com/flashplayer ).
Latest Web Browsers:
(Windows XP SP2, SP3)
(Windows Vista, Windows 7)
(Windows, Mac OS X, Linux)
(Windows, Mac OS X, Linux)
(Windows, Mac OS X, Linux, Solaris, FreeBSD)
(Windows, Mac OS X, iOS)
Latest Version:
Adobe Flash Player 11.1.102.55 (Windows XP and later, Mac OS X, Linux, Solaris)*
*Google Chrome has Adobe Flash Player built in; updating Google Chrome will also update Flash Player.
Sources: http://www.abc15.com/dpp/money/consumer/data_doctor/what-is-clickjacking-and-how-do-i-protect-myself%3F
Google Images
Wikipedia