What Is “Clickjacking”?
What in the world is “clickjacking”? We have all heard the terms “hijacking” and “carjacking”, and neither is a crime we ever want to fall victim to. The same goes for “clickjacking”, and it is a growing trend.
ComputerWorld.com has posted an informative article on “clickjacking”. Here are the details, according to Jeremiah Grossman, Chief Technology Officer at WhiteHat Security Inc:
“Think of any button on any Web site that you can get to appear between the browser walls. Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue…. The list is virtually endless, and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users’ mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to.”
So an unsuspecting website surfer can be clicking a button that looks legitimate, but what they are seeing and what they are actually clicking are different things.
This practice is nothing new. It has been said to go back to the 1990s.
The threat of this practice affects users of Mozilla Firefox and Microsoft Internet Explorer (both have compensated for the vulnerability). Apple Safari, Opera and Adobe Flash users are all vulnerable as well.
Disabling your internet browser's plug-ins and scripts can help prevent the problem, although it is not a guarantee. The fact is, you are taking a risk when using the internet to make credit card purchases, just as you are taking a risk when you give your credit card to a waiter or waitress who takes it out of your view to pay your dining bill.
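The overlay Grossman describes only works if the target page can be loaded inside a frame on another site. As an added example (not from the original post or the ComputerWorld article), the JavaScript below checks a response's headers for the two standard server-side controls that stop this, X-Frame-Options and the Content-Security-Policy frame-ancestors directive, neither of which the post mentions; the function name and the sample header sets are constructed for illustration.

```javascript
// Added example: decide whether a response may be framed by an arbitrary site,
// which is the precondition for the invisible-overlay trick.
// `headers` is a plain object of header name -> value (names case-insensitive).
function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }

  // An enforced CSP frame-ancestors directive overrides X-Frame-Options.
  // Content-Security-Policy-Report-Only is deliberately not read: it blocks nothing.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // "*" or a bare scheme such as "https:" lets any site frame the page.
    const open = sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s));
    return { frameableByAnySite: open, via: 'csp', allows: sources.join(' ') };
  }

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { frameableByAnySite: false, via: 'x-frame-options', allows: xfo };
  }
  // Missing, misspelled, or the obsolete ALLOW-FROM form: treated here as no protection.
  return { frameableByAnySite: true, via: 'none', allows: '*' };
}

// Constructed sample responses (not captured from any real site).
const samples = {
  bare: { 'Content-Type': 'text/html' },
  legacy: { 'X-Frame-Options': 'sameorigin' },
  modern: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  overridden: { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': 'frame-ancestors *' },
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
};

for (const [label, hdrs] of Object.entries(samples)) {
  console.log(label, framingPolicy(hdrs));
}
```

The `overridden` and `reportOnly` samples are the cases most often misread in a header review: a permissive frame-ancestors value cancels a strict X-Frame-Options, and a report-only policy enforces nothing.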
This entry was posted on Friday, October 24th, 2008 at 6:40 am and is filed under LifeLock.