500 Instant Free Traffic to Your Website

Your Blog and Cash

Is Clickjacking a Serious Threat?

November 14th, 2008 | Useful Pages

Site Build It!
Article Marketing Is Dead - Drive More Traffic To Your Site

Learn More About Clickjacking

Tech news sites such as ZDnet have reported that clickjacking is a potentially serious threat that can affect any browser.

Clickjacking in a Nutshell

Briefly, clickjacking is accomplished by a malicious page hiding behind what appears to be a safe page. When you click an item on the supposedly safe page, your computer is clickjacked by malicious code which then hijacks your pc’s accessories or other components.This takes place without your knowledge.

Generally, webcams are hijacked, but clickjacking is not limited to affecting a cam. Your microphone or sound system can be exploited, for example, or your computer can be taken over in other ways.

Adobe’s Flash Player was particularly vulnerable to clickjacking threats; however, Adobe has come out with a fix to address the issue.

What Browsers are Safe?

Clickjacking is a cross-browser threat, meaning that the malicious code can affect Internet Explorer, Firefox, Chrome or any other Internet borwser.   It cannot be quickly fixed by disabling javascript.

A “No Script” add-on that works with Firefox is the only known solution.

Problems with the Clickjacking Fix

After using No Script for a week or so, I disabled it because it made web surfing a chore. Virtually every site I visited was partially blocked due to a YouTube video, javascript code or ad embedded on the page.  For instance, the following were all blocked by No Script:

  • Google Analytics
  • Pepperjam network
  • Peelaway Ads
  • Voxant’s newsroom
  • Chitika
  • and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).

Fortunately for Adsense publishers, Google’s Adsense is among the short list of networks automatically whiteliested by the No Script add-on. Most of the others will need to be manually approved, and it is unlikely that the average Internet user will know that an ad is safe enough to whitelist.

If clickjacking is truly the threat that some would say that it is, and if solutions such as No Script are the only way to fight back, I can see that this situation will kill online advertising. Adserver Plus, Doubleclick and other big ad networks were blocked by the No Script add-on.

Conclusion:  Maybe the Threat is Overrated

My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven’t been hit by any type of clickjacking activities. It is possible that the clickjacking threat is overrated.

The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.

Site Build It!
Share This Post:
  • Sphinn
  • StumbleUpon
  • Reddit
  • Digg
  • Facebook
  • Mixx
  • del.icio.us
  • Technorati
  • NewsVine
  • Google
  • YahooMyWeb
  • E-mail this story to a friend!

0 comments ↓

There are no comments yet...Kick things off by filling out the form below.

Leave a Comment