
Clickjacking threatens your security

It’s not a virus, Trojan, or a denial of service attack. The latest threat to your browser, computer, and network is click-jacking. Click-jacking is the result of a visit to a malicious web page that allows the attacker to take control of your browser. Specifically, it can force your browser to click on any link it wants.

THE THREAT

According to the latest Wikipedia definition:

“Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.”

In short, if you visit an unknown or unfriendly website then it could force your browser to click on nasty links that could take you anywhere (including the downloading of a virus or Trojan) or allow the attacker to take control of your computer. And it doesn’t matter which browser you use (Internet Explorer, Firefox, Chrome, Opera, etc.), all the big ones are vulnerable.

Megha Dhawan, who writes for Indiatimes Infotech, best sums up the threat:

“So while you might think you are clicking on your bank funds transfer link, or saving a favourite URL link at Digg, or some innocuous Facebook application, the reality could be entirely different, and dark.

An attack can invisibly hover these virtual buttons below the users' mouse, so that when they click on something they visually see, they actually are clicking on something else the attacker wants them to…”

The United States CERT has issued the following warning: “Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if users click on a Web page, they may actually be clicking on content from another page.”

PROTECTION

• Ensure your browser is the most recent version (updated and patched)
• Ensure Adobe Flash plug-in patches are up-to-date (download the latest version)
• Click on the above link and download in each of the browsers you use (e.g. Internet Explorer and Firefox… don’t forget about Chrome or Opera if you use them)

As always, regardless of the threat, you’re likely safe if you stick to only trusted sites and blogs (in other words, visit known sites and stay away from “free” sites that offer song lyrics, photos, clip-art, porn, and especially video).
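
Beyond the browser-side steps above, a site owner can tell browsers not to render its pages inside another site's frame, which is the condition that lets "content from another page" sit under the user's click. The sketch below is an added example, not part of the original post: it classifies a response's framing policy from the `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` headers (neither is mentioned in the post). The function names and sample responses are constructed for illustration.

```javascript
// Added example. Header names are real; the responses in SAMPLES are constructed.
function framingPolicy(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  // An enforced CSP frame-ancestors directive overrides X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const list = sources.map((s) => s.toLowerCase());
    const none = list.length === 0 || (list.length === 1 && list[0] === "'none'");
    if (none) return { framable: 'never', via: 'csp' };
    // A wildcard or bare scheme lets any site on that scheme embed the page.
    if (list.some((s) => ['*', 'http:', 'https:'].includes(s))) {
      return { framable: 'anyone', via: 'csp' };
    }
    if (list.every((s) => s === "'self'")) return { framable: 'same-origin', via: 'csp' };
    return { framable: 'allow-list', via: 'csp', sources: list };
  }
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return { framable: 'never', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { framable: 'same-origin', via: 'x-frame-options' };
  // ALLOW-FROM is obsolete and not honoured by current browsers, so it
  // falls through with every other unrecognised or missing value.
  return { framable: 'anyone', via: xfo ? 'unrecognised x-frame-options' : 'no header' };
}

// Constructed sample responses: URL -> response headers.
const SAMPLES = {
  'https://bank.example/transfer': {},
  'https://shop.example/checkout': { 'X-Frame-Options': 'sameorigin' },
  'https://portal.example/settings': {
    'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  },
  'https://app.example/widget': {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': 'frame-ancestors https://partner.example',
  },
  'https://old.example/admin': { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
};

// Pages any third-party site could load in a frame and overlay.
function framableByAnyone(samples) {
  return Object.keys(samples).filter((url) => framingPolicy(samples[url]).framable === 'anyone');
}

console.log(framableByAnyone(SAMPLES));
```

Pages reported here are the ones worth fixing first when they carry state-changing buttons such as transfers or settings.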


This page contains a single entry from the blog posted on October 23, 2008 10:01 PM .

Copyright 2007 Ragan Communications, Inc.