How can I stop clickjacking attacks?

ITworld Answers

Ask a Question

How can I stop clickjacking attacks?

SilverHawk 38 weeks ago

One of the people at my office apparently clicked a "Like" button on a website, and next thing I know, our customers on Facebook are complaining about the porn link we "liked" after they followed our apparent recommendation. Welcome to the clickjacking party. Is there a way to prevent clickjacking from happening, short of barring people from going online at work?

Tags: clickjacking, internet, online security

Topic: Security

Answer this Question

Login or register to post answers
Permalink

Answers

2 total

becker 38 weeks ago

There are a couple of things that you can do that are really easy and will greatly decrease the risk while people are browsing. I install the NoScript plug-in on all the browsers at my office. We currently use Firefox, but I'm sure there is either a version of it for Chrome or a similar plug-in. The most effective thing that you can do, in my opinion, is disable Flash. If that generates too many complaints, at least make certain the most current version of Flash is installed and change the global security settings to "always deny" or at least "always ask". There is also a setting in there to deny access to your machine's cam and mic.

Share this answer
Permalink

jimlynch 38 weeks ago

Hi SilverHawk,

See this article about clickjacking, it includes a section on "likejacking" that you might find helpful.

Clickjacking
http://en.wikipedia.org/wiki/Clickjacking

"Likejacking, is a malicious technique of tricking users of a website into posting a Facebook status update for a site they did not intentionally mean to "like".[10] The term "likejacking" came from a comment posted by Corey Ballou[11] in the article How to "Like" Anything on the Web (Safely), which is one of the first documented postings explaining the possibility of malicious activity regarding Facebook's "like" button.[12]

According to an article in IEEE Spectrum, a solution to likejacking was developed at one of Facebook's hackathons.[13] A "Like" bookmarklet is available that avoids the possibility of likejacking present in the Facebook Like Button.[14]"

Share this answer
Permalink

Answer this Question

Related Questions

ernard

5 weeks ago

How can a DDoS attack on a single company slow down the entire internet?

The news wires have been reporting the largest DDoS attack in history is taking place today against a company called Spamhaus. I haven't...

Tags: DDoS, internet, Spamhaus

3 Answers

Answer It

Lemarchand

1 year ago

Are you ready to deploy a Next Generation Firewall?

Is Palo Alto the only true NGFW? SonicWall? Juniper SRX? Do you think that Gartner's definition of a NGFW is correct? Does anyone know...

Tags:

2 Answers

Answer It

tover

1 year ago

I'm considering a slight career change to IT security - what do I need to consider?

I've been in IT for awhile, and am considering a shift to focus more on security and related technologies, policies, etc. What kinds of...

Tags: infosec

2 Answers

Answer It

dblacharski

1 year ago

TRUSTED VOICE

Smartphone security apps

Are there reputable security applications out there for BlackBerry, Android, and iPhone that will protect my business emails, chats, and...

Tags: email security, smartphone security

2 Answers

Answer It

dblacharski

3 weeks ago

TRUSTED VOICE

How to recover data from crashed hard drive

Yes, it's true that everyone should know better, and should be backing up data to an off-site facility on a regular basis. But, in...

Tags:

4 Answers

Answer It

Ask a question

Bill would put mobile app vendors on the hook for privacy

The mobile industry's efforts to convince lawmakers that self-regulation alone is the best way to address growing concerns over privacy-invading mobile applications appears to be running into some headwind.

Payment card processors hacked in $45 million fraud

A vast debit card fraud scheme that allegedly netted US$45 million has been linked to the hacking of credit card processors in the U.S. and India.

The Onion explains how its Twitter account was hacked

Hackers who commandeered The Onion's Twitter account used simple but effective phishing attacks to obtain passwords, according to a writeup by the publisher's technology team.

US lawmakers introduce apps privacy bill

New legislation introduced by a group of U.S. lawmakers would require mobile application developers to obtain consent from consumers before collecting their personal data and to secure the data they collect.

Hacking back: Digital revenge is sweet but risky

As cyberattacks increase, victims are fighting back. But retaliation has its own consequences--and may create more damage.

Adobe warns customers of unpatched critical flaw in ColdFusion

Adobe has warned users of its ColdFusion application server platform of a critical vulnerability that could give unauthorized users access to sensitive files stored on their servers.

Name.com forces customers to reset passwords following security breach

Domain registrar Name.com forced its customers to reset their account passwords on Wednesday following a security breach on the company's servers that might have resulted in customer information being compromised.

Microsoft releases fix-it for Internet Explorer 8 vulnerability

Microsoft has released a temporary fix for a zero-day vulnerability in Internet Explorer 8, which was used by hackers in a prominent attack against the U.S. Department of Labor's website.

Researchers find hundreds of insecure building control systems

Intruders used to creep in through ventilation ducts. Now they break in using the software that controls the ventilation.

Interop network squares off against controlled 70G bit/sec DDoS attack

Testing company Ixia launches high-volume DDoS tests against F5 firewalls.