click-jacking


What Is Clickjacking?

Clickjacking is a technique for tricking Internet users into clicking a button or link without realising what they are actually clicking. Through clickjacking, a user can be made to grant a malicious page permission to execute certain functions on their computer. One known technique used clickjacking to turn on a user's webcam, which could lead to a serious privacy problem. The term "clickjacking" was coined by Jeremiah Grossman and Robert Hansen in 2008. Clickjacking can be understood as an instance of the confused deputy problem.

How Does Clickjacking Work?

A user is tricked into clicking a concealed link. The attacker loads another, transparent layer on top of the page that the user can see. While the user thinks they are clicking a visible button, they are actually clicking a button on the invisible transparent layer. The hidden layer can contain a button that performs any kind of task. The web page behind it treats the click as the user deliberately allowing the action.

How to Prevent Clickjacking?

  • Ghostery: Ghostery is a privacy browser extension available for the 5 primary browsers that enables its users to easily detect and control tags, web bugs, pixels, and beacons that have the potential to collect data on their browsing habits.
  • NoScript: Protection against clickjacking can be added to Mozilla Firefox desktop and mobile versions by installing the NoScript add-on: its ClearClick feature, released on 8 October 2008, prevents users from clicking on invisible or "redressed" page elements of embedded documents or applets.
  • Gazelle: Gazelle is a secure web browser from Microsoft Research, based on IE, that uses an OS-like security model and has its own limited defenses against clickjacking.
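The extensions above protect on the user's side; a site owner can instead refuse to let the page be loaded inside another site's transparent layer at all, using the X-Frame-Options and Content-Security-Policy frame-ancestors response headers. The following Python example, added here and not part of the original page, classifies a response's framing exposure from its headers; the header dictionaries are constructed samples.

```python
# Added example: classify a page's clickjacking exposure from its HTTP
# response headers.  Clickjacking needs the victim page to be loaded inside a
# frame on the attacker's page; a site can refuse framing with
#   X-Frame-Options: DENY | SAMEORIGIN
#   Content-Security-Policy: frame-ancestors 'none' | 'self' | <sources>


def frame_ancestors_directive(csp):
    """Return the frame-ancestors source list from a CSP value, or None."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_policy(headers):
    """Return "blocked", "same-origin", "restricted" or "unprotected".

    frame-ancestors overrides X-Frame-Options in browsers that support
    CSP level 2, so it is consulted first; X-Frame-Options is the fallback.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    ancestors = frame_ancestors_directive(lower.get("content-security-policy", ""))
    if ancestors is not None:
        if ancestors == ["'none'"]:
            return "blocked"
        if ancestors == ["'self'"]:
            return "same-origin"
        return "restricted"          # explicit allow-list of framing origins
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    return "unprotected"             # no header, or the obsolete ALLOW-FROM form


# Constructed sample responses: one with no framing protection, one hardened.
WEAK_HEADERS = {"Content-Type": "text/html"}
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",       # fallback for browsers without CSP 2
}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"{name}: {framing_policy(hdrs)}")
```

Sending both headers is the usual practice, since older browsers honour only X-Frame-Options while newer ones prefer frame-ancestors.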