Clickjacking is a malicious practice in which the bad guys essentially lay an invisible web page on top of the page that the user sees, so that when the user clicks a button or link, they are really performing the action of the invisible link that is overlaid on top of the button or link they believe they are clicking (hence the term “clickjack”). Often that invisible link is structured to grab their confidential information, such as a username and password.
According to the United States Computer Emergency Readiness Team (U.S. CERT), “Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if users click on a Web page, they may actually be clicking on content from another page.”
For example, the user on the clickjacked site may believe that they are clicking on a link or button to “See a cute kitten”, but in reality they are clicking on an invisible link that is hidden on top of the cute kitten link and that will take them to Hotmail. If they have a Hotmail account, and their password is stored in their browser as a cookie or other stored value, the bad guys now have their Hotmail account information, including the password.
Clickjacking works by taking advantage of certain “features” (vulnerabilities) in a large number of widely deployed and popular browsers. While the industry scrambles to address the situation, Firefox users can get some protection by using the Firefox “NoScript” add-on, which is available here.
Have you been clickjacked? Tell us about it below.