15.10.08

Clickjacking. Yeah. Hijacking the interwebz!

Here's an article on Clickjacking, a newly discovered security problem in the internet:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Security&articleId=9115818&taxonomyId=17&pageNumber=1

Basically, an attacker hides their own page behind code from a legit page.  Then when you click a button on the legit page, you also click the button on the attacker's page behind it.  Sneaky. 

So, what can you do?  First, COMMON SENSE.  Check where you are at and if it looks OK.

Second, use Firefox and NoScript:

http://hackademix.net/2008/09/27/clickjacking-and-noscript/

NoScript, however, is not for your grandma, unfortunately.  But, it's not THAT hard to learn how to use, and it will speed up the internet as well =]

No comments: