How can I stop clickjacking attacks?

SilverHawk

One of the people at my office apparently clicked a "Like" button on a website, and next thing I know, our customers on Facebook are complaining about the porn link we "liked" after they followed our apparent recommendation. Welcome to the clickjacking party. Is there a way to prevent clickjacking from happening, short of barring people from going online at work?

Topic: Security

Answers

2 total
becker
Vote Up (3)

There are a couple of things that you can do that are really easy and will greatly decrease the risk while people are browsing. I install the NoScript plug-in on all the browsers at my office. We currently use Firefox, but I'm sure there is either a version of it for Chrome or a similar plug-in. The most effective thing that you can do, in my opinion, is disable Flash. If that generates too many complaints, at least make certain the most current version of Flash is installed and change the global security settings to "always deny" or at least "always ask". There is also a setting in there to deny access to your machine's cam and mic.

jimlynch
Vote Up (4)

Hi SilverHawk,

See this article about clickjacking; it includes a section on "likejacking" that you might find helpful.

Clickjacking
http://en.wikipedia.org/wiki/Clickjacking

"Likejacking is a malicious technique of tricking users of a website into posting a Facebook status update for a site they did not intentionally mean to "like".[10] The term "likejacking" came from a comment posted by Corey Ballou[11] in the article How to "Like" Anything on the Web (Safely), which is one of the first documented postings explaining the possibility of malicious activity regarding Facebook's "like" button.[12]

According to an article in IEEE Spectrum, a solution to likejacking was developed at one of Facebook's hackathons.[13] A "Like" bookmarklet is available that avoids the possibility of likejacking present in the Facebook Like Button.[14]"
