May 22, 2009
by Elinor Mills
"Most exploits (like worms and attacks that take advantage of holes in software) can be patched, but clickjacking is a design flaw in the way the Web is supposed to work," Grossman said. "The bad guy is superimposing an invisible button over something the user wants to click on...It can be any button on any Web page on any Web site."
The technique was used in a series of prank attacks launched on Twitter in February. In that case, users clicked on links next to tweets that said "Don't Click" and then clicked on a button that said "Don't Click" on a separate Web page. That second click distributed the original tweet to all of the Twitter user's followers, thus propagating itself rather quickly.
More: http://news.cnet.com/8301-1009_3-10247327-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
I use Firefox with the newest NoScript plug-in (with ClearClick). It seems like that offers pretty solid protection from what I hear. Also, in regards to the prank you mentioned on Twitter: am I missing something? Why would someone looking to propagate a clickjacking prank clickjack links that say "don't click"? Wouldn't they get more hits by clickjacking links that would be more widely clicked on (like "click here" instead of "don't click")?
●About the choice of 'Button Title':
▪1. "Prank" is the key word here. Get more hints by actually reading the story that was linked to at the beginning of this thread: http://news.cnet.com/8301-1009_3-10247327-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
▪2. Psych 101: The best way to get someone to do something is to tell them not to or that they can't do it. Not to mention that people are, basically, lazy.
▪3. Browser choice. How many newbie and 'average' users do you really think actually know that there is more than one browser to choose from, no less how to make a good choice & download & install it? Of those who do know of the choices, how many of them in fact utilize the tool(s) at their disposal?
●Parting comments:
I also use Firefox with NoScript. NoScript is a great tool! But I also add to that WOT and Flagfox within my arsenal of protective tools.
▪However, as a caveat, there is this FACT to think about, too:
There is no such thing as 'perfect' software!
►Sooner or later some nefarious party is going to come up with a way to circumvent the 'best' security tools. History always repeats itself!