How can I stop clickjacking attacks?

SilverHawk

One of the people at my office apparently clicked a "Like" button on a website, and next thing I know, our customers on Facebook are complaining about the porn link we "liked" after they followed our apparent recommendation. Welcome to the clickjacking party. Is there a way to prevent clickjacking from happening, short of barring people from going online at work?

Topic: Security

Answers

2 total
becker
Vote Up (3)

There are a couple of things that you can do that are really easy and will greatly decrease the risk while people are browsing. I install the NoScript plug-in on all the browsers at my office. We currently use Firefox, but I'm sure there is either a version of it for Chrome or a similar plug-in. The most effective thing that you can do, in my opinion, is disable Flash. If that generates too many complaints, at least make certain the most current version of Flash is installed and change the global security settings to "always deny" or at least "always ask". There is also a setting in there to deny access to your machine's cam and mic.

jimlynch
Vote Up (4)

Hi SilverHawk,

See this article about clickjacking; it includes a section on "likejacking" that you might find helpful.

Clickjacking
http://en.wikipedia.org/wiki/Clickjacking

"Likejacking is a malicious technique of tricking users of a website into posting a Facebook status update for a site they did not intentionally mean to "like".[10] The term "likejacking" came from a comment posted by Corey Ballou[11] in the article How to "Like" Anything on the Web (Safely), which is one of the first documented postings explaining the possibility of malicious activity regarding Facebook's "like" button.[12]

According to an article in IEEE Spectrum, a solution to likejacking was developed at one of Facebook's hackathons.[13] A "Like" bookmarklet is available that avoids the possibility of likejacking present in the Facebook Like Button.[14]"
