Members Login
Username 
 
Password 
    Remember Me  
Freeze-Frame Radio -> Freeze-Frame Radio Lounge -> Clickjacking
Post Info TOPIC: Clickjacking
WebGuy


Doesn't Do Windows



Status: Offline
Posts: 25589
Date:
Clickjacking
Permalink  


There is a new web threat out there that we all need to be aware of. (No, this is not a joke.)

What happens is that malicious sites are working hidden frames in behind the main page that you are seeing and have it figured out a way so that if you click on what you think looks like your real page, your click is actually clicking on the hidden frame below it.

The security problem is that you may be clicking on a link to install bad stuff on your computer. This is not good.

You may actually be on a well known, trusted site, but be clicking on something else hidden below.

There are a couple things to do to help.

First, if you are using Firefox, install the "NoScript" addon (extension). Now, when you add this, you will hate it. It will break MANY innocent sites because of the use of javascript, etc. You can then whitelist the site if you feel it is not a risk. This is the safest way to browse. IF you find that whitelisting sites is too much hassle and you want to take your chances with most scripting, you can "Allow scripts globally" in the NoScript settings. The cool thing is that even with it allowing scripting, it WILL STILL protect you from this clickjacking problem.

Also, UPDATE YOUR FLASH. Go to Adobe.com and download the latest version of the flash player and install it. It has new security fixes to also help stop this when it is implemented through Flash which is just one of the ways they are doing it.




-- Edited by WebGuy at 10:32, 2008-11-06

__________________


Ruby


The Good Witch Of The South

    



Status: Offline
Posts: 19309
Date:
Permalink  

Thanks I will check this out at home!

__________________
This_egg_hatches_on_04/05/06!_Adopt_one_today_from_pickle-green.com/egraphics!
MzHartz


Permanent Vacation



Status: Offline
Posts: 23086
Date:
Permalink  

Thanks for the tip.

I did select to allow scripts globally. The main reason is that, how would I know that I don't want to run scripts on a page?

__________________

tumblr_maefr2j2Bt1rrd8d6o1_500.gif

 
WebGuy


Doesn't Do Windows



Status: Offline
Posts: 25589
Date:
Permalink  


If you mainly only go to sites you feel you can trust, you are likely going to be fine with scripts.

If you browse sites that you don't know (especially porn, etc) or trust, or if you click on every link you get in email of the latest funny video etc, you might want script blocking turned on. When it blocks a script, you can look and see what is being blocked then decide if you want to allow it or not.

Its a real pain, but it is the most secure way you can browse right now so its up to you to decide your level of security vs convenience.



__________________


MzHartz


Permanent Vacation



Status: Offline
Posts: 23086
Date:
Permalink  

Aw man, I have to stay away from the porn sites?!

My main concern is that I won't know a bad script when I see it, so I'll allow it anyway.

__________________

tumblr_maefr2j2Bt1rrd8d6o1_500.gif

 
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.
Freeze-Frame Radio -> Freeze-Frame Radio Lounge -> Clickjacking
Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse 		Powered by ActiveBoard