« Legitimate Online Business Proving Hard For The Newcomer | Home | Do I Need To Apply Internet Marketing For My Business? »
How Serious is the Clickjacking Threat?
By racer48 | February 16, 2009
ZDnet and other technical news sites have reported that clickjacking — a potentially serious threat — can affect any browser.
What is Clickjacking
In a nutshell, clickjacking is accomplished by a malicious page that hides behind a seemingly safe page. When you click on an item, your computer is “clickjacked” by the malicious code, which then hijacks various components of your computer.This takes place without your knowledge.
Generally, webcams are hijacked, but clickjacking is not limited to affecting a cam. Your microphone or sound system can be exploited, for example, or your computer can be taken over in other ways.
Adobe’s Flash Player was especially vulnerable to clickjacking, but Adobe has come out with a fix to address the issue.
Is This Only an Explorer or Firefox Problem?
Clickjacking is a cross-browser malicious code, which affects virtually all Internet browsers. It cannot be quickly fixed by disabling javascript.
A “No Script” add-on that works with Firefox is the only known solution.
Problems with the Clickjacking Fix
After using No Script for a week or so, I disabled it because it made web surfing a chore. Every site I visited was blocked to some degree because of YouTube videos, javascript coding or ads installed on the page. For instance, the following were all blocked by No Script:
- Google Analytics
- Pepperjam network
- Peelaway Ads
- Voxant’s newsroom
- Chitika
- and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).
One of the few ad networks automatically whitelisted by the No Script add-on is Google’s Adsense. Most of the others need to be manually whitelisted and it is unlikely that the average Internet user is going to do so.
If clickjacking is truly the threat that some would say that it is, and if solutions such as No Script are the only way to fight back, I can see that this situation will kill online advertising. Adserver Plus and other heavy hitting advertising networks were blocked by the Firefox add-on.
Conclusion: Maybe the Threat is Overrated
My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven’t been hit by any type of clickjacking activities. It is possible that the threat is not as bad as some would claim.
The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.
Topics: Uncategorized | No Comments »