Saturday, February 28, 2009

Clickjacking

Clickjacking is a client-side vulnerability: a malicious website tricks a visitor's browser into delivering clicks to a different site, typically one where the visitor is already logged in.

What is Clickjacking?
Clickjacking occurs when a person visits a web page and clicks on something that they believe is part of the website they are visiting, while in reality they are clicking on a different web page that they cannot see. This is done by loading the target web page over the attacker's page in an iframe, with the iframe on top made completely invisible (for example, with zero opacity). Buttons on the visible page underneath are strategically placed so that they line up with actions on the invisible page above, so the victim's click lands on the target site, carrying whatever session the victim already has there. Clickjacking has been used to delete all contacts in a user's webmail address book, make a MySpace profile completely public, as well as many other things. Click the following link to see an example of clickjacking. Clickjacking Example

How Can I Prevent It?
To my knowledge, there is no native prevention built into any web browsers. (Browser-side support arrived with the X-Frame-Options response header, introduced in Internet Explorer 8 and later adopted by other browsers: a site sends it to tell the browser not to render the page inside a frame. The Content-Security-Policy frame-ancestors directive later superseded it.) However, you can download a plugin for Firefox called NoScript. I currently use it, and it will warn you when you click on something that you cannot see. Also, clickjacking usually needs the victim's browser to already hold a logged-in session with the target website; without that session a hijacked click arrives as an anonymous request and most of these attacks fail. It is a good practice to click "log out" when you are finished using a website, and doing that would prevent many of these clickjacking exploits from harming you.
Web applications
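The following is an added example, not code from the original post. It covers both halves of the post: the first function assembles the overlay described under "What is Clickjacking?" (a visible decoy button with the target site in an invisible iframe on top), and the second models how a browser decides whether a page may be framed at all, using the X-Frame-Options header and the Content-Security-Policy frame-ancestors directive mentioned above. The origins, URLs and header values are constructed for illustration, and the header-evaluation logic is a simplified model of browser behaviour, not a reference implementation.

```javascript
// Added example (not from the original post). Runs under Node.js with no
// dependencies. All origins, URLs and headers below are constructed samples.

// --- Attacker side: the overlay the post describes --------------------------
// The victim sees only the decoy button. The target site is loaded in an
// iframe with opacity:0 and a higher z-index, shifted so that the target's
// real control (e.g. a "delete contacts" button) sits under the decoy.
function buildDecoyPage(targetUrl, offsetX, offsetY) {
  return [
    '<!doctype html><html><body>',
    '<button style="position:absolute;left:100px;top:100px;">Claim your prize</button>',
    // opacity:0 keeps the frame clickable but invisible; z-index puts it on top.
    `<iframe src="${targetUrl}" style="position:absolute;left:${offsetX}px;` +
      `top:${offsetY}px;width:800px;height:600px;opacity:0;z-index:2;border:0;">` +
      '</iframe>',
    '</body></html>',
  ].join('\n');
}

// --- Defender side: would the browser render targetOrigin inside a frame
// hosted by ancestorOrigin, given the target's response headers?
function framingAllowed(responseHeaders, targetOrigin, ancestorOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;

  // A CSP frame-ancestors directive takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'];
  if (csp) {
    const directive = csp.split(';').map((s) => s.trim())
      .find((s) => s.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1)
        .map((s) => s.replace(/^'|'$/g, '').toLowerCase());
      if (sources.includes('none')) return false;
      if (sources.includes('*')) return true;
      if (sources.includes('self') && ancestorOrigin === targetOrigin) return true;
      return sources.some((src) => originMatches(src, ancestorOrigin));
    }
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return ancestorOrigin === targetOrigin;
  if (xfo.startsWith('ALLOW-FROM ')) {
    // Obsolete single-origin form, honoured only by old IE and Firefox.
    try { return new URL(xfo.slice(11).trim()).origin === ancestorOrigin; }
    catch (e) { return true; } // unparsable value: treated as unrecognised
  }
  // No header, or an unrecognised value: any site may frame the page.
  return true;
}

// Matches one frame-ancestors source expression against an ancestor origin.
// Supports scheme-only sources ("https:"), exact origins or hosts, and a
// leading "*." host wildcard ("https://*.partner.example").
function originMatches(source, origin) {
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return origin.startsWith(source + '//');
  const target = new URL(origin);
  const hasScheme = source.includes('://');
  const srcScheme = hasScheme ? source.split('://')[0] + ':' : null;
  const srcHost = hasScheme ? source.split('://')[1] : source;
  if (srcScheme && srcScheme !== target.protocol) return false;
  if (srcHost.startsWith('*.')) return target.host.endsWith(srcHost.slice(1));
  return srcHost === target.host;
}

// Constructed sample responses from a hypothetical webmail site.
const TARGET = 'https://webmail.example';
const ATTACKER = 'https://evil.example';
const SAMPLES = {
  unprotected: {},
  deny: { 'X-Frame-Options': 'DENY' },
  sameOrigin: { 'X-Frame-Options': 'SAMEORIGIN' },
  cspNone: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  cspPartner: { 'Content-Security-Policy': "frame-ancestors 'self' https://*.partner.example" },
};

// Which of the sample configurations would let the attacker's page frame
// the target? Only the unprotected one should.
function report() {
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    out[name] = framingAllowed(headers, TARGET, ATTACKER);
  }
  return out;
}

console.log(report());
```

The decoy page only works because the browser is willing to render the target inside a third-party frame; the check in `framingAllowed` is exactly what removes that precondition, which is why a site setting `frame-ancestors 'none'` (or `X-Frame-Options: DENY`) is protected regardless of whether the victim is logged in.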

Resources
