Clickjacking
© 2019 Eric Skagerberg
(All rights reserved. This material may not be reproduced in printed or electronic format without the express permission of the author.)
Adjunct Instructor, Computer Studies Department, Santa Rosa Junior College, California
Page last updated 7 May, 2011
What is Clickjacking? (Wikipedia)
Demonstration Video: Webcam ClickJacking (YouTube)
Vulnerable software:
All computer systems — Windows, Mac, Linux, etc.
All web browsers — Internet Explorer, Apple Safari, Firefox, Google Chrome, Opera, etc.
Flash Player from Adobe, all old versions: 9.0.124.0 and earlier
Facebook Clickjacking Attacks: (a sample)
"Like-jacking" - Sophos Security, 2010
"Funny T-shirt" attack - Sophos Security, 2010
"Italian Schoolteacher" attack - Sophos Security, 2011
Best Practice:
Use the Firefox web browser (free download) with the NoScript add-on (all computer systems)
Fix for Firefox only: NoScript
Install NoScript Now
Other web browsers (e.g. Internet Explorer, Apple Safari, Google Chrome, Opera)
Free Comitari Web Protection Suite-Home LE (Limited Edition) - Windows only
GuardedID (commercial product) - Windows only
Secure Internet Explorer and other browsers
Some web sites and programs (e.g. Quicken) may require Internet Explorer
Upgrade Adobe Flash Player Now to fix (to version 10.0.12.36 or later)
Perform the above upgrade in Firefox (or other browser) and Internet Explorer. (IE uses a different, ActiveX version.)
Prevent Clickjacking Attacks - Wired, 2011