Clickjacking - why you should always be suspicious of untrusted websites

ScottWright
Group Administrator


Subject: Clickjacking - why you should always be suspicious of untrusted websites
Risks in the News
posted by ScottWright on Saturday, October 11th 2008 @ 8:30 AM

Clickjacking is a nasty threat to your privacy and computer systems, because it can come in many shapes and forms, and can do incredibly bad things - such as take over your laptop's camera and microphone.

Clickjacking is a relatively new way that malicious websites can trick you into allowing your computer, or the website, to do things you didn't want it to. A malicious, or untrusted, website basically hides buttons on a web-page and tries to get you to click on them.
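As an added example (not code from Scott's post), the check a web site can run to notice that it has been loaded inside another site's frame, which is how a clickjacking page places an invisible copy of a real button under the one you think you are clicking. The `window` and `document` objects used in the tests are constructed stand-ins; `buildFrameHeaders` lists the server-side headers browsers added after this post was written.

```javascript
// Added example, not code from the original post. A clickjacking page loads the
// victim site in a transparent frame positioned so the visitor's click lands on
// a real button they cannot see. The first defence sites used in 2008 was to
// detect that they were running inside a frame at all.

// Classify how the page is being displayed. `win` is the page's own window
// (window.self); inside a frame, win.top is the outermost window, and reading
// win.top.location throws a security error when the outer page is cross-origin.
function framingState(win) {
  if (win.top === win.self) {
    return 'top-level';
  }
  try {
    // Same-origin parent: its location is readable, which is harmless.
    void win.top.location.href;
    return 'framed-same-origin';
  } catch (e) {
    // Cross-origin parent: exactly the situation a clickjacking page creates.
    return 'framed-cross-origin';
  }
}

// Decide what the page should do, returning the action taken so it can be logged.
function applyFrameDefense(win, doc) {
  if (framingState(win) === 'top-level') {
    return 'render';
  }
  // Hide the page so a hidden button cannot be clicked, then try to escape the
  // frame. Script-only "frame busting" like this can be defeated by a hostile
  // parent page, so treat it as a fallback rather than the primary control.
  doc.body.style.display = 'none';
  try {
    win.top.location = win.self.location;
  } catch (e) {
    // Navigating the top window may be refused; the content stays hidden.
  }
  return 'hide-and-bust';
}

// Response headers introduced after this post: X-Frame-Options (browsers began
// honouring it in 2009) and the CSP frame-ancestors directive let the server
// forbid framing before any script runs, which is the robust control today.
function buildFrameHeaders(allowSelf) {
  return {
    'X-Frame-Options': allowSelf ? 'SAMEORIGIN' : 'DENY',
    'Content-Security-Policy': `frame-ancestors ${allowSelf ? "'self'" : "'none'"}`,
  };
}
```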

What Can You Do To Protect Your Information and Systems?

The best ways to counter it, and other similar web-surfing risks, are to:

  1. Back up your data regularly, because you never know when you might get tricked into launching a malicious program on your computer these days.
  2. Avoid suspicious links, attachments, downloads or updates. The bad guys are trying harder and harder to trick you into clicking on things that will give them information about you, or control over your computer.
  3. If you're worried about the specific case where your camera and microphone might get "clickjacked", you should disable these devices when you don't need them. But this is just one risk from Clickjacking.
  4. Use the Firefox browser (from www.firefox.com) with a plug-in program called NoScript. NoScript will block potentially dangerous programs from running while you are at "UNTRUSTED" sites. It's different from pop-up blockers and anti-virus software. NoScript comes with some "TRUSTED" sites predefined, but you can add your own by right-clicking on a page and picking a menu item.
    NOTE: Ironically, when you locate this Add-On at the Firefox website, it says the Add-On's author has not been verified, and that you should only load Add-Ons you trust. It's a good warning to cover their butts, but NoScript by Giorgio Maone has a 5-Star rating and a weekly download rate of 275,000.

It's almost inevitable that you will get tricked by a link or attachment at some point. That's why it's always best to back up your data regularly to another device or computer, in case a malicious program does damage to your computer.

What's Being Done About It?

Browser vendors, as well as other software vendors such as Adobe (maker of Flash), are working feverishly to try to plug up this hole. They will likely put something similar to NoScript into their software, but they are struggling with this one, as it is a difficult problem for them to solve - so it may be a while.

Adobe apparently has a temporary work-around - see below - which involves changing a Flash setting to always deny requests by websites to have it turn on cameras and microphones.

CONCLUSION

In the meantime, you need to be prepared, and be suspicious.

For more information visit:

http://blogs.adobe.com/psirt/2008/10/clickjacking_security_advisory.html

http://www.pcworld.com/businesscenter/article/152049/researchers_reveal_clickjacking_attack_info.html

https://addons.mozilla.org/en-US/firefox/addon/722#reviews

Special Offer From The Streetwise Security Zone

Find out if your staff is treating your sensitive information and systems responsibly...

If you'd like to test your staff's security awareness in a unique way, visit the Streetwise Security Zone homepage at http://www-streetwise-security-zone.com to find out how you can run your own Honey Stick test.

________________________________
Scott Wright
The Streetwise Security Coach

Email: scott@streetwise-security-zone.com
Twitter: http://www.twitter.com/streetsec
Phone: 613-693-0997
Podcast: http://www.streetwise-security-zone.com/podcast.html

Do you really know how securely your team is working? - http://www.streetwise-security-zone.com/whyjoin.html