I first read about this last year in the ZDNet Zero Day blog. At that time, there wasn't much data to go on. But the article provided a good definition of clickjacking:
"In a nutshell, it’s when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you. It’s a fundamental flaw with the way your browser works and cannot be fixed with a simple patch."
Well, that sounds scary enough. All kinds of funky things can happen when you visit a malicious site, or a site infected with malware. I'm glad that I use McAfee SiteAdvisor to help me avoid malicious web sites. It's not bullet-proof, but I'll take all the protection I can get.
Recently, I saw this "Does Your Browser Prevent Clickjacking?" article at the Internet News site:
"One of the features in the IE 8 Release Candidate 1 includes technology that is supposed to help prevent Clickjacking. The claim has one of the principal discoverers of Clickjacking raising some questions over the problem and how to prevent it with browsers. Although Clickjacking attacks have not yet been widely reported..."
How the anti-clickjacking feature in IE8 is supposed to work:
"The core of IE 8's Clickjacking protection focuses on enabling Web developers to specify and restrict which content on their site can't be broken out and framed by another site. It's a technique known as frame-busting and can also be implemented by developers using JavaScript code on their sites that restrict frame usage. The IE 8 approach is a different method for frame busting."
I really don't want to know how it works. I just want an effective fix. Geez. Seems like every week there's a new "feature" on the Internet.
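
For site owners who want to check whether their own pages carry the kind of framing restriction described above, here is an added example (not from the quoted article or from Microsoft). It assumes the restriction is sent as the X-Frame-Options response header, which is the header IE 8 introduced, and it goes one step beyond the article by also reading the later Content-Security-Policy frame-ancestors directive. The function name and the sample headers are made up for illustration.

```javascript
// Added example: classify a response's anti-framing policy from its headers.
function framingPolicy(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Browsers that support CSP frame-ancestors use it in preference to
  // X-Frame-Options, so check it first. The first such directive wins.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    const list = sources.join(' ');
    if (sources.includes('*')) return { protected: false, via: 'csp', policy: 'any' };
    if (list === "'none'") return { protected: true, via: 'csp', policy: 'none' };
    if (list === "'self'") return { protected: true, via: 'csp', policy: 'same-origin' };
    return { protected: true, via: 'csp', policy: 'allowlist' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { protected: true, via: 'x-frame-options', policy: 'none' };
  if (xfo === 'SAMEORIGIN') return { protected: true, via: 'x-frame-options', policy: 'same-origin' };
  // ALLOW-FROM is obsolete; current browsers ignore it, so the page is frameable.
  if (xfo.startsWith('ALLOW-FROM')) return { protected: false, via: 'x-frame-options', policy: 'obsolete' };
  if (xfo) return { protected: false, via: 'x-frame-options', policy: 'invalid' };
  return { protected: false, via: null, policy: 'missing' };
}

// Constructed sample responses (not captured from any real site).
const samples = {
  'login page': { 'X-Frame-Options': 'DENY' },
  'dashboard': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  'legacy widget': { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  'marketing page': { 'Content-Type': 'text/html' },
};
for (const [page, headers] of Object.entries(samples)) {
  const r = framingPolicy(headers);
  console.log(`${page}: ${r.protected ? 'framing restricted' : 'FRAMEABLE'} (${r.policy})`);
}
```

To audit a live page, pass in the headers from your own server's response, for example as copied from the browser's network tab.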

Phishing and Malware Protection is built in and automatically turned on in Firefox 3.0 or later.
http://www.mozilla.com/en-US/firefox/phishing-protection/
For clickjacking, use the free Firefox plugin NoScript as a defense.
http://www.planetmysql.org/entry.php?id=17502
http://blogs.zdnet.com/security/?p=1973
Posted by: Bill G | Tuesday, February 17, 2009 at 09:46 AM
Bill:
Thanks for the information about Firefox. I upgraded to 3.0 last week.
George
Editor
http://ivebeenmugged.typepad.com
Posted by: George | Tuesday, February 17, 2009 at 12:41 PM