Clickjacking
© 2008
Eric Skagerberg
(All rights reserved. This material may not be reproduced in printed or electronic format without the express permission of the author.)
Adjunct Instructor, Computer & Information Sciences Department, Santa Rosa Junior College, California
Page last updated 24 July, 2010
What is Clickjacking? (Wikipedia)
Demonstration Video: Webcam ClickJacking (YouTube)
Vulnerable software:
All computer systems: Windows, Mac, Linux, etc.
All web browsers: Internet Explorer, Apple Safari, Firefox, Google Chrome, Opera, etc.
Flash Player from Adobe, all old versions: 9.0.124.0 and earlier
Facebook Clickjacking Attack (Sophos Security)
Best Practice:
Use the Firefox web browser (free download) with the NoScript add-on
Fix for Firefox only: NoScript
Install NoScript Now
Avoid all other web browsers (e.g. Internet Explorer, Apple Safari, Google Chrome, Opera)
No fix yet for other browsers
Secure Internet Explorer and other browsers
Some web sites and programs (e.g. Quicken) may require Internet Explorer
Upgrade Adobe Flash Player Now to fix (to version 10.0.12.36 or later)
Perform the above upgrade in Firefox (or other browser) and Internet Explorer. (IE uses a different, ActiveX version.)
Some technical details:
Clickjacking as a "Confused Deputy" Attack