November 19, 2008

The Clickjack Fix and Its Side Effects

Training And Tips | MarketingHighSpeed @ 12:04 am

Learn More About Clickjacking

Technical news mags such as ZDnet report that clickjacking may be a serious threat that affects any Internet browser.

Clickjacking from the Layperson’s Perspective

Briefly, clickjacking is accomplished by a malicious page hiding behind what appears to be a safe page. When you click an item on the supposedly safe page, your computer is clickjacked by malicious code which then hijacks your pc’s accessories or other components.This takes place without your knowledge.

Typically, clickjacking will affect webcams, but it can also hijack other areas of your computer. For instance, your sound system or microphone can be exploited, or your PC can be taken over in other ways.

Particularly vulnerable to clickjacking was Adobe’s Flash Player, but Adobe has issued a fix that addresses the issue.

What Browsers are Affected?

Clickjacking is a cross-browser threat, meaning that the malicious code can affect Internet Explorer, Firefox, Chrome or any other Internet borwser.   It cannot be quickly fixed by disabling javascript.

The only known solution is a “No Script” add-on that works with Firefox.

Problems with the Clickjacking Fix

After using No Script for a week or so, I disabled it because it made web surfing a chore.   Virtually every site I visited was blocked to some degree or another because the site had ads, YouTube videos or javascript coding.  For instance, the following were all blocked by No Script:

  • Google Analytics
  • Pepperjam network
  • Peelaway Ads
  • Voxant’s newsroom
  • Chitika
  • and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).

There’s a little bit of good news for Google publishers and advertisers. Adsense is automatically whitelisted by the No Script add-on.   Most of the others need to be manually whitelisted and it is unlikely that the average Internet user is going to do so.

If clickjacking is indeed a serious threat and script blocking solutions are the only way to fight back, then I can see online advertising taking a big hit. Adserver Plus and other heavy hitting advertising networks were blocked by the Firefox add-on.

Conclusion:  Maybe the Threat is Overrated

My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven’t been hit by any type of clickjacking activities. It is possible that the threat is not as bad as some would claim.

The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.

del.icio.us:The Clickjack Fix and Its Side Effects digg:The Clickjack Fix and Its Side Effects spurl:The Clickjack Fix and Its Side Effects wists:The Clickjack Fix and Its Side Effects simpy:The Clickjack Fix and Its Side Effects newsvine:The Clickjack Fix and Its Side Effects blinklist:The Clickjack Fix and Its Side Effects furl:The Clickjack Fix and Its Side Effects reddit:The Clickjack Fix and Its Side Effects fark:The Clickjack Fix and Its Side Effects blogmarks:The Clickjack Fix and Its Side Effects Y!:The Clickjack Fix and Its Side Effects smarking:The Clickjack Fix and Its Side Effects magnolia:The Clickjack Fix and Its Side Effects segnalo:The Clickjack Fix and Its Side Effects gifttagging:The Clickjack Fix and Its Side Effects

WordPress database error: [Table 'wp_comments' is marked as crashed and should be repaired]
SELECT * FROM wp_comments WHERE comment_post_ID = '100' AND comment_approved = '1' ORDER BY comment_date

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment