Sunday, October 5, 2008

'Clickjacking'

posted September 26, 2008

This article is about a web browser technique called 'clickjacking': "it gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a Web page, they may actually be clicking on content from another page". The government security agency says that this flaw affects most web browsers, such as Apple Safari, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, and Opera, and that there is no fix available. To avoid this risk, you should disable scripting and plug-ins. They suggest the use of security plug-ins such as FlashBlock, Adblock Plus, and CustomizeGoogle; these plug-ins should not be turned off. There was a discussion with Adobe, Microsoft, Mozilla, and other major browser vendors. Adobe is not affected, but it was involved because its Flash software can be used for a clickjacking exploit. "Web sites that attempt to be more secure end up being less secure with regard to clickjacking, because sites that try to protect against cross-site request forgery end up making themselves vulnerable to this attack".
