6:27 AM  Shubham Yadav  No comments

As a web savvy person of the modern era, you probably believe you are aware of all the potential security threats that you might come across when surfing the web. You know better than to trust that PayPal e-mail telling you to log in in 24 hours or your account will be closed, and you don't randomly download or open e-mail attachments, so you think you have the game locked up. Well, phishers have another way to get to you and your sensitive personal information. It's called click jacking.The term "clickjacking" was coined by Jeremiah Grossman and Robert Hansen in 2008. The exploit is also known as UI redressing.

So Clickjacking is a vulnerability used by an attacker to collect an infected user's clicks. The attacker can force the user to do all sort of things from adjusting the user's computer settings to unwittingly sending the user to Web sites that might have malicious code.

On a clickjacked page, the attackers show a set of dummy buttons, then load another page over it in a transparent layer. The users think that they are clicking the visible buttons, while they are actually performing actions on the hidden page. The hidden page may be an authentic page, and therefore the attackers can trick users into performing actions which the users never intended. There is no way of tracing such actions later, as the user was genuinely authenticated on the other page.

How to Prevent from Clickjacking Attacks:-

Clickjacking, put simply, is when a button, image, video, or some form of embedded content on a website is overlaid by an invisible layer that sits on top of the site underneath it.

1. Upgrade Flash Player:-Clickjacking is invisible. If you have Flash installed and you click on the wrong link, you're vulnerable.

However, Adobe's latest version of Flash is ready for the bad guys. Adobe recommends first and foremost upgrading to the latest version of Adobe Flash Player . The free upgrade adds some safeguards that will ask you for permission before granting unauthorized access to your camera, microphone, or any other data through your Flash preferences.

2. Edit Your Flash Settings:-  There are certain permissions settings that give you the control over whether to give Flash applications access to your computer. Turn them off to ensure nobody has access to your Flash settings without your permission.

3. Block Scripts From the Browser:-You can depend on some browser anti-malware technology and add-ons to prevent Flash attacks before they are even loaded. For Firefox you install the No Script Plugin.

Posted in: Clickjacking,What is