Saturday, December 15, 2012


Clickjacking



The clickjacking attack was introduced by Robert Hansen and Jeremy Grossman in September 2008. The attack uses a malicious web page to trick the user into performing unintended clicks that benefit the attacker. It can be used to propagate worms, steal confidential information such as passwords and cookies, send spam, delete personal mail, etc. It has attracted broad attention from the security industry and the web community. Most websites still have not implemented effective protection against clickjacking.

Clickjacking is a vulnerability across a variety of browsers and platforms. It takes the form of embedded code or script that can execute without the user's knowledge, for example when the user clicks on a button that appears to perform another function. Clickjacking, also known as user interface redressing, is a malicious technique that tricks users into clicking a button or image that runs a hidden malicious script from another site. An attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intended to click on the innocuous page. The attacker thus hijacks the click for another website, which is why it is known as clickjacking (click + hijacking). The possibilities for how clickjacking software could be abused are endless.

There are a number of things that have major Web sites and companies especially alarmed. In some cases, the user may be able to recognize this immediately; in other cases, the user may be totally unaware of what took place. First is the fact that the program can run on virtually any Web site without the Web site owner's knowledge or ability to stop it. Second, clickjacking can take the user to a mirror site while still making them believe they are on the company's Web site, and mine personal information, which is often freely given. Third, no browser, except the very few that are not based on graphics, is immune from clickjacking software. In addition to stealing personal data, such as bank account information, credit card information and Social Security numbers, clickjacking can also install a number of software applications on a computer without the user's knowledge. This software could be harmful viruses, spyware or adware. The latter may not be extremely harmful in nature, but it often presents a big problem for computers. Browsers and Internet security software companies are working on a security patch that would help correct the situation. However, that may take some time.
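A site can tell browsers not to render it inside another page's frame, which is what the layered-page trick described above depends on, by sending the `X-Frame-Options` header or a Content-Security-Policy `frame-ancestors` directive. The following check is an added example, not code from the original post: it classifies a response's anti-framing headers. The function name and the sample responses are constructed, and one CSP policy per response is assumed.

```javascript
// Added example (not from the original post): does a response forbid
// cross-origin framing? Header names are real; the function name and the
// sample responses are constructed. Assumes one CSP policy per response.
function framingProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // An enforced CSP frame-ancestors directive takes precedence over
  // X-Frame-Options in browsers that support it.
  for (const directive of (h["content-security-policy"] || "").split(";")) {
    const [name, ...rest] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "frame-ancestors") continue;
    const src = rest.map((s) => s.toLowerCase());
    if (src.length === 0 || src.every((s) => s === "'none'"))
      return { ok: true, via: "csp", why: "framing forbidden" };
    if (src.some((s) => s === "*" || s === "http:" || s === "https:"))
      return { ok: false, via: "csp", why: "any origin may frame" };
    return { ok: true, via: "csp", why: "allow-list: " + src.join(" ") };
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN")
    return { ok: true, via: "xfo", why: xfo };
  if (xfo.startsWith("ALLOW-FROM"))
    return { ok: false, via: "xfo", why: "ALLOW-FROM is obsolete; modern browsers ignore it" };
  if (xfo) return { ok: false, via: "xfo", why: "unrecognised value" };

  if (/frame-ancestors/i.test(h["content-security-policy-report-only"] || ""))
    return { ok: false, via: "none", why: "CSP is report-only, not enforced" };
  return { ok: false, via: "none", why: "no anti-framing header" };
}

// Constructed sample responses.
const samples = {
  bare: { "Content-Type": "text/html" },
  deny: { "X-Frame-Options": "deny" },
  allowFrom: { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
  cspSelf: { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" },
  cspWild: { "Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY" },
  reportOnly: { "Content-Security-Policy-Report-Only": "frame-ancestors 'none'" },
};
for (const [name, hdrs] of Object.entries(samples))
  console.log(name, JSON.stringify(framingProtection(hdrs)));
```

The `cspWild` sample shows the case that is easy to miss: a permissive `frame-ancestors` overrides a strict `X-Frame-Options` in browsers that support both.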
