All Browsers Potentially Threatened by Clickjacking Earn Money

All Browsers Potentially Threatened by Clickjacking

Published by ama October 28th, 2008 in News. Tags: News.

Technical news mags such as ZDnet report that clickjacking may be a serious threat that affects any Internet browser.

What is Clickjacking

In a nutshell, clickjacking is accomplished by a malicious page that hides behind a seemingly safe page. When you click on an item, your computer is “clickjacked” by the malicious code, which then hijacks various components of your computer. This occurs without your knowledge.

Typically, clickjacking will affect webcams, but it can also hijack other areas of your computer. For instance, your sound system or microphone can be exploited, or your PC can be taken over in other ways.

Adobe’s Flash Player was particularly vulnerable to clickjacking threats; however, Adobe has come out with a fix to address the issue.

What Browsers are Affected?

Clickjacking is a cross-browser malicious code, which affects virtually all Internet browsers. Merely disabling javascript will not fix it.

A “No Script” add-on that works with Firefox is the only known solution.

Problems with the Clickjacking Fix

After using No Script for a week or so, I disabled it because it made web surfing a chore. Every site I visited was blocked to some degree because of YouTube videos, javascript coding or ads installed on the page. For instance, the following were all blocked by No Script:

Google Analytics
Pepperjam network
Peelaway Ads
Voxant’s newsroom
Chitika
and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).

Google’s Adsense is one of the few advertising networks that are automatically whitelisted by the No Script add-on. Most of the others have to be manually whitelisted. It is highly unlikely that the average Internet user will do so.

If clickjacking is as bad of a problem as some say it is and if No Script and similar “script blocking” solutions are the only ways to fight back, then online advertising could take a major hit. Adserver Plus and other heavy hitting advertising networks were blocked by the Firefox add-on.

Conclusion: Maybe the Threat is Overrated

My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven’t been hit by any type of clickjacking activities. Perhaps the threat is more overrated than it actually is.

The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.