How can I stop clickjacking attacks?

SilverHawk

One of the people at my office apparently clicked a "Like" button on a website, and next thing I know, our customers on Facebook are complaining about the porn link we "liked" after they followed our apparent recommendation. Welcome to the clickjacking party. Is there a way to prevent clickjacking from happening, short of barring people from going online at work?

Topic: Security

Answers

2 total
becker
Vote Up (11)

There are a couple of things that you can do that are really easy and will greatly decrease the risk while people are browsing. I install the NoScript plug-in on all the browsers at my office. We currently use Firefox, but I'm sure there is either a version of it for Chrome or a similar plug-in. The most effective thing that you can do, in my opinion, is disable Flash. If that generates too many complaints, at least make certain the most current version of Flash is installed and change the global security settings to "always deny" or at least "always ask". There is also a setting in there to deny access to your machine's cam and mic.

jimlynch
Vote Up (11)

Hi SilverHawk,

See this article about clickjacking; it includes a section on "likejacking" that you might find helpful.

Clickjacking
http://en.wikipedia.org/wiki/Clickjacking

"Likejacking is a malicious technique of tricking users of a website into posting a Facebook status update for a site they did not intentionally mean to "like".[10] The term "likejacking" came from a comment posted by Corey Ballou[11] in the article How to "Like" Anything on the Web (Safely), which is one of the first documented postings explaining the possibility of malicious activity regarding Facebook's "like" button.[12]

According to an article in IEEE Spectrum, a solution to likejacking was developed at one of Facebook's hackathons.[13] A "Like" bookmarklet is available that avoids the possibility of likejacking present in the Facebook Like Button.[14]"
