Clickjacking as been around for a while, however it appears to be increasing in the wild.  This is a threat, regardless of what browser you use.  Internet Explorer, Mozilla Firefox, Google Chrome, or any graphical web browser can be vulnerable to clickjacking.

So, what is clickjacking?  By displaying the web page that you are looking at, inside the frame of another web page, the user is fooled, and can be exploited.  While frames are common in web pages, in a clickjacking scenario, the controlling frame is not visible, as the inside frame takes up the entire controlling frame.

What this does, however, is allows the malicious web page to hover an invisible button under the mouse.  In other words, even though you can not see this button, it is always under your mouse pointer, and if you click a button, or link, on the page, what you are really clicking is the invisible button.

Obviously, you are not going to end up where you thought you were, and your web session has been hijacked.

Unfortunately, there is very little that be done.  Mozilla Firefox has an add-on name NoScript, that allows you to control what sites are allowed to run scripts in your web sessions.  Other than that, about the only thing that can be done, is to pay close attention when you are browsing.  If you click on a link, and you are not taken where you expected to be, there is a good possibility that you have been clickjacked.  In that case, immediately close your web browser. 

Also, do not have your web browser set to go back to what you had open when you closed it.  This is an option with some browsers.  Instead, have your browser set to start with a blank page, or with a web page that you trust.

For more help with clickjacking contact CCS Retail Systems Support.

Leave a Reply