Posts Tagged ‘NoScript’

How Serious is the Clickjacking Threat?

Thursday, November 27th, 2008

Learn More About Clickjacking

Technical news mags such as ZDnet report that clickjacking may be a serious threat that affects any Internet browser.

Clickjacking in a Nutshell

In laymen’s terms, clickjacking happens when a malicious page is hiding behind what appears to be a safe webpage. When you click an item on the supposedly safe page, your computer is clickjacked by malicious code which then hijacks your pc’s accessories or other components.This happens without your knowledge.

Typically, webcams are hijacked, but the clickjacking code can affect other areas of your computer equipment. Your microphone or sound system can be exploited, for example, or your computer can be taken over in other ways.

Adobe’s Flash Player was especially vulnerable to clickjacking, but Adobe has come out with a fix to address the issue.

What Browsers are Safe?

Clickjacking is a cross-browser malicious code, which affects virtually all Internet browsers.   It cannot be quickly fixed by disabling javascript.

The only known solution is a “No Script” add-on that works with Firefox.

Problems with the Clickjacking Fix

After using No Script for a week or so, I disabled it because it made web surfing a chore. Every site that I visited was blocked to some degree or another because the site contained YouTube videos, ads or javascript coding.  For instance, the following were all blocked by No Script:

  • Google Analytics
  • Pepperjam network
  • Peelaway Ads
  • Voxant’s newsroom
  • Chitika
  • and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).

There’s a little bit of good news for Google publishers and advertisers. Adsense is automatically whitelisted by the No Script add-on. Most of the others have to be manually whitelisted. It is highly unlikely that the average Internet user will do so.

If clickjacking is truly the threat that some would say that it is, and if solutions such as No Script are the only way to fight back, I can see that this situation will kill online advertising.   Even the big boys’ ads, such as those delivered by Adserver Plus, were blocked by the Firefox add-on.

Conclusion:  Maybe the Threat is Overrated

My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven’t been hit by any type of clickjacking activities. It is possible that the threat is not as bad as some would claim.

The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.

Tags: , , , ,
Posted in internet and businesses online | No Comments »