You Could be Getting Clickjacked
Page 1 of 1
Everyday we click on some kind of button in our Web browsers.
It could be a simple "Yes" button to agree to something or a "submit" button for your password. But do you know what you're actually clicking? If you're not careful, you could become a victim of a clickjacking attack.
"This vulnerability lets an attacker transparently collect user clicks and that enables them to force the user to do all sort of things from adjusting user settings to unwittingly visiting Web sites that might have malicious code," Jeff Moss, founder of Black Hat stated during an live Webinar on Thursday.
"It's sort of like the DNS cache vulnerability that [security researcher Dan] Kaminsky found where at first you think you understand all the implications, but the more you think about it the greater the problem becomes, sort of this daunting realization that things are screwed."
Whitehat security founder Jeremiah Grossman gets the credit for reporting the clickjacking security issues to Adobe earlier this year. That led to an update for its Adobe Flash product. Grossman said latest Flash 10 player does a good job of protecting against clickjacking.
But browsers still have holes that leave users vulnerable. Clickjacking can happen via malicious IFRAMEs,