News, ideas & conversations for communicators worldwide
 


October 2008 Archives

October 23, 2008

Clickjacking threatens your security

It’s not a virus, Trojan, or a denial of service attack. The latest threat to your browser, computer, and network is click-jacking. Click-jacking is the result of a visit to a malicious web page that allows the attacker to take control of your browser. Specifically, it can force your browser to click on any link it wants.

THE THREAT

According to the latest Wikipedia definition:

“Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.”

In short, if you visit an unknown or unfriendly website, it could force your browser to click on nasty links that could take you anywhere (including the downloading of a virus or Trojan) or allow the attacker to take control of your computer. And it doesn’t matter which browser you use (Internet Explorer, Firefox, Chrome, Opera, etc.): all the big ones are vulnerable.

Megha Dhawan writes for Indiatimes Infotech and best sums up the threat:

“So while you might think you are clicking on your bank funds transfer link, or saving a favourite URL link at Digg, or some innocuous Facebook application, the reality could be entirely different, and dark.

An attack can invisibly hover these virtual buttons below the users' mouse, so that when they click on something they visually see, they actually are clicking on something else the attacker wants them to…”

The United States CERT has issued the following warning: “Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if users click on a Web page, they may actually be clicking on content from another page.”

PROTECTION

• Ensure your browser is the most recent version (updated and patched)
• Ensure Adobe Flash plug-in patches are up-to-date (download the latest version)
• Click on the above link and download in each of the browsers you use (e.g. Internet Explorer and Firefox… don’t forget about Chrome or Opera if you use them)

As always, regardless of the threat, you’re likely safe if you stick to only trusted sites and blogs (in other words, visit known sites and stay away from “free” sites that offer song lyrics, photos, clip-art, porn, and especially video).

October 15, 2008

NY Times’ Pogue sheds light on Web 2.0

(Live blog entry from Cary, North Carolina) “Instantaneous, on-demand is the new way… all kids want today is instant, fast-forward access,” says David Pogue, columnist with the NY Times (addressing the Ragan Web 2.0 conference here in N.C.). “I recently spoke at the National radio association conference… and they’re almost suicidal!”

Chat / Cell Terms to Know:

• LOL
• MORF?
• BRB
• IMHO
• RTFM
• POS (parent over shoulder)

Pogue’s recommended chat / cell terms for parents:

• WIWYA: when I was your age
• NCK: not a chance, kid
• LODH: log off, do homework

Pogue’s recommended sites:

• Prosper.com (business plan funding)
• CarLoco (car pooling site)
• E-Petitions (UK government sponsored petitions against the Gov.)
• TripAdvisor.com
• WillItBlend.com (check out the iPhone smoothie)
• Google Alerts

Institutional blogs: much more trustworthy (see Microsoft’s Vista blogs with employees candidly discussing Vista problems… see http://shellrevealed.com/blogs/shellblog/archive/2006/10/09/Features-that-didn_2700_t-make-the-cut.aspx)

Web 2.0 Challenges

• Copyrights
• Trademarks
• It won’t stay put (see NBC’s Keith Olbermann’s email on Rita debacle)
• You can’t contain it (yes, text messaging can be recorded and distributed)
• They’ll trust you once (Lonelygirl15’s YouTube scam)
• When it turns on you (Jill Carroll hostage video… and public response)
• Short sellers (Apple CEO Jobs heart attack hoax… blog attack by short seller)
• Get involved

Pogue’s mock songs:

• “I want an iPhone” (Tune: I did it my way)
• “RIAA” (Tune: YMCA)

The problem with intranets

(Live blog entry from Cary, North Carolina) “So many intranets suck because it’s being used as a storage bin,” says Jim Ylisela, president of Ragan Consulting. “The storage bin is the lowest common value.”

Read my full blog hit The problem with intranets on www.IntranetBlog.com.

SAS focuses on employees, promotes change

(Live blog entry from Cary, North Carolina) “The employee-company relationship – this is the thing we do very, very well at SAS,” says Jim Davis, SVP & Chief Marketing Officer of SAS (delivering his keynote “Faster than a speeding bullet” at Ragan’s “Corporate Communications in a Web 2.0 World” conference). “You have to think about your employees as your most important and valuable asset.”

Business analytics / business intelligence leader SAS is an incredible success story that owes its success to many factors, not the least of which is its employees:

• Profitable every year since 1976
• Revenue growth every year since 1976
• 10,000 employees, 44,000 customers
• 4,000 employees at headquarters in Cary, North Carolina
• Continually ranked by Fortune magazine as a top employer
• Average employee turnover is 4% (average in the software industry is 22%)
• Privately owned company – at SAS we don’t care what we say
• Don’t use outside agencies – all creative is done internally
• No technology is out-sourced – the people cutting the grass are employees
• Internal marketing team of over 1000

Employee tools at SAS:

• SAS Wide Web (intranet in multiple languages)
• Using SharePoint 2007 (MOSS)
• Employee Blogs
• Employee Wikis
• SAS Video portal (executive updates, podcasts, webcasts, town hall meetings)
• Two sound stages at SAS working every day

“People blog like crazy here now,” says Davis. Blogs are monitored and governed by an Employee Code of Ethics. In short, the blogging is self-policed. “Very few problems…” adds Davis. Training is also available including a program on “How to blog better.”

SAS encourages web use that is not necessarily directly related to the business: “I hate to hear companies that are blocking Facebook, YouTube and other sites…. It’s dumb! The only thing we block at SAS is porn!”

Four Critical Dimensions (Insight into change):
1- Human Capital
2- Knowledge Processes
3- Culture
4- Infrastructure

What’s next?

• “The data explosion – what are its sources and how can organizations cope?”
• “Is your organization ready for Generation Y?”
• “How are companies leveraging unstructured data?”
• “Is it technology or attitude?”
• “Web 3.0?” (speed and latency independent of the platform)

Davis cites Professor Deming: “It is not necessary to change. Survival is not mandatory.” (W. Edwards Deming)

“Change is a must; we have to change,” says Davis.

--

Editor’s note: SAS is a very progressive organization that is well worth watching (and reading about). I’ll be speaking in a little over an hour on “The latest and greatest in WCM: Trends, traps & tips.”

More to come…
