ClickJacking hijacks all browsers
A new Internet security threat has the makers of all browsers scrambling to find a fix. The threat, called ClickJacking, affects all major browsers and until just two days ago there was no fix for the problem.
ClickJacking essentially allows an attacker to trick a user into clicking on a link that they may not even be able to see. The technique is based on a browser’s ability to include content from another page in the content of a trusted page. Unlike most browser flaws which affect one or other release of a browser, ClickJacking affects all popular browsers including Internet Explorer, Firefox, Opera, Safari and Google’s Chrome.
Although there were initial suggestions that disabling Javascript would fix the problem this was found to be untrue. Others suggested that turning off all extensions in a browser may be the solution but this is both impractical and no guarantee of success.
The primary solution to the problem lies with a system of alerting a user when they are being directed to content on a site that may not be the site they originally expected.
Firefox solution
One of the first solutions to the problem has come from the Firefox browser which has an extension called NoScript which has released a new version that includes built-in protection from ClickJacking attempts.
NoScript includes a specific tool called ClearClick which monitors users’ actions and whenever they interact with an embedded element which is partially obstructed, transparent or otherwise disguised, it prevents the action from completing. It then pops up a warning that allows users to allow or disallow the action from continuing.
While the technique is effective for users of the Firefox browser, there are still widespread concerns in the online security world as fixes for the other major browsers are not yet available.
Loading ...