Tech news sites such as ZDnet have reported that clickjacking is a potentially serious threat that can affect any browser.
A Look at Clickjacking
In a nutshell, clickjacking is accomplished by a malicious page that hides behind a seemingly safe page. When you click an item on the supposedly safe page, your computer is clickjacked by malicious code which then hijacks your pc’s accessories or other components.This happens without your knowledge.
Generally, webcams are hijacked, but clickjacking is not limited to affecting a cam. For example, your sound system or microphone can be exploited, or your computer can be taken over in other ways.
Adobe’s Flash Player was especially vulnerable to clickjacking, but Adobe has come out with a fix to address the issue.
Is This Only an Explorer or Firefox Problem?
Clickjacking is a cross-browser malicious code, which affects virtually all Internet browsers. It cannot be quickly fixed by disabling javascript.
A “No Script” add-on that works with Firefox is the only known solution.
Problems with the Clickjacking Fix
After using No Script for a week or so, I disabled it because it made web surfing a chore. Virtually every site I visited was partially blocked due to a YouTube video, javascript code or ad embedded on the page. For instance, the following were all blocked by No Script:
- Google Analytics
- Pepperjam network
- Peelaway Ads
- Voxant’s newsroom
- Chitika
- and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).
One of the few ad networks automatically whitelisted by the No Script add-on is Google’s Adsense. Most of the others have to be manually whitelisted. It is highly unlikely that the average Internet user will do so.
If clickjacking is indeed a serious threat and script blocking solutions are the only way to fight back, then I can see online advertising taking a big hit. Adserver Plus, Doubleclick and other big ad networks were blocked by the No Script add-on.
Conclusion: Maybe the Threat is Overrated
My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven’t been hit by any type of clickjacking activities. Perhaps the threat is more overrated than it actually is.
The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.
How do I choose good keywords for my website?
Filed under: blogging tools
Like this post? Subscribe to my RSS feed and get loads more!
Leave a Reply