Tech news sites such as ZDnet have reported that clickjacking is a potentially serious threat that can affect any browser.
A Look at Clickjacking
In laymen's terms, clickjacking happens when a malicious page is hiding behind what appears to be a safe webpage. When you click on an item, your computer is "clickjacked" by the malicious code, which then hijacks various components of your computer.This takes place without your knowledge.
Typically, webcams are hijacked, but the clickjacking code can affect other areas of your computer equipment. Your microphone or sound system can be exploited, for example, or your computer can be taken over in other ways.
Adobe's Flash Player was particularly vulnerable to clickjacking threats; however, Adobe has come out with a fix to address the issue.
What Browsers are Safe?
Clickjacking is a cross-browser threat, meaning that the malicious code can affect Internet Explorer, Firefox, Chrome or any other Internet borwser. It cannot be quickly fixed by disabling javascript.
The only known solution is a "No Script" add-on that works with Firefox.
Problems with the Clickjacking Fix
After using No Script for a week or so, I disabled it because it made web surfing a chore. Virtually every site I visted was blocked to some degree because the page contained common elements such as javascript, affiliate ads or YouTube videos. For instance, the following were all blocked by No Script:
- Google Analytics
- Pepperjam network
- Peelaway Ads
- Voxant's newsroom
- Chitika
- and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).
Fortunately for Adsense publishers, Google's Adsense is among the short list of networks automatically whiteliested by the No Script add-on. Most of the others have to be manually whitelisted. It is highly unlikely that the average Internet user will do so.
If clickjacking is indeed a serious threat and script blocking solutions are the only way to fight back, then I can see online advertising taking a big hit. Adserver Plus and other heavy hitting advertising networks were blocked by the Firefox add-on.
Conclusion: Maybe the Threat is Overrated
My web browsing experience is back up to speed since I've disabled No Script and so far I haven't been hit by any type of clickjacking activities. Perhaps the threat is not as serious as some would claim.
The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.
No comments:
Post a Comment