IT Security NEWS
22 May 2009
Clickjacking Design Flaw Possible Target of Hackers
The Matrix has given laymen who are not tech-savvy a rough idea of what a computer exploit is: a black cat that appears twice, or a door in a building that opens onto Tibet. In a world created by computers, the right manipulation of data can make interesting things happen.
By interesting things, we mean reaching into an empty top hat and pulling out a rabbit, or, more specifically, reaching into your fridge for a can of beer and coming out with a book. Or a Chia Pet. Or a cat. Or the Voynich Manuscript. Crazy, random stuff.
The Internet version of the phenomenon described in the above, seemingly nonsensical paragraph is a real occurrence that, according to Jeremiah Grossman, co-founder and chief technology officer of WhiteHat Security, has the makings of the latest Internet threat.
As its name suggests, clickjacking is the act of hijacking a user's click without the user's knowledge. A victim may not even realize that his click has been redirected, which means clickjacking attacks can continue for a long time without anyone noticing.
Grossman says that, unlike most exploits such as worms or hacker attacks on security holes, clickjacking is a design flaw in the way the Internet is supposed to function. What that means is that a hacker can overlay an invisible button on top of something a user wants to click, and that hidden button can be any button on any website or webpage. Clicking is inescapable, so hackers can trap people by hijacking their clicks, so to speak.
The technique was prominently featured in a series of joke attacks launched on Twitter last February. In that instance, users clicked on links next to tweets that warned "Don't Click!" and were taken to a separate webpage, where they clicked a button that also said "Don't Click!". The second click posted the original tweet to all of the user's followers, so the cycle propagated rather quickly across the social network.
At the time the prank was making its rounds, Grossman labeled it a "harmless experiment", but the potential for damage and abuse by a hacker using the clickjacking technique cannot be denied.
Clickjacking attacks are carried out using an iFrame, an HTML element that lets a browser window be partitioned so that different content can be shown in each segment. This code is injected into the target webpage and is invisible to the end user. Once the target's cursor clicks on the section of the page where the malicious iFrame is hidden, the attack is triggered and does whatever the hacker desires.
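Added here as an illustration (not code from the article, nor from Grossman or WhiteHat Security): a small Node.js routine that decides, from a page's HTTP response headers, whether a browser would let another site load that page inside an iFrame at all. The two controls it checks, the X-Frame-Options header and the Content-Security-Policy frame-ancestors directive, are the standard defences against the hidden-frame overlay described above; the hostnames in the comments and tests are constructed, and nothing touches the network.

```javascript
// Added example (not from the article): given a page's response headers,
// decide whether a browser would let another origin embed that page in an
// iframe, i.e. whether it is exposed to the overlay trick described above.
// Checks the two standard anti-framing controls: X-Frame-Options and the
// Content-Security-Policy frame-ancestors directive. Hostnames used with
// this code are constructed placeholders; nothing here touches the network.

function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`.toLowerCase();
}

// True if the frame-ancestors source list lets framerOrigin frame pageOrigin.
// Supports 'none', 'self', '*', scheme sources (https:) and host sources with
// an optional scheme and leading wildcard label (https://*.example.com).
function frameAncestorsAllow(sourceList, pageOrigin, framerOrigin) {
  const sources = sourceList.trim().toLowerCase().split(/\s+/).filter(Boolean)
    .map((s) => s.replace(/^'|'$/g, ""));
  if (sources.length === 0 || sources.includes("none")) return false; // empty list = deny all
  const framer = new URL(framerOrigin);
  for (const src of sources) {
    if (src === "*") return true;
    if (src === "self") { if (pageOrigin === framerOrigin) return true; continue; }
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) { if (framer.protocol === src) return true; continue; }
    const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
    if (!m) continue;
    const [, scheme, wildcard, host] = m;
    if (scheme && `${scheme}:` !== framer.protocol) continue;
    const h = framer.hostname;
    if (wildcard ? h.endsWith("." + host) : h === host) return true;
  }
  return false;
}

// Returns true when the page at pageUrl can be framed by a page at framerUrl.
function canBeFramed(headers, pageUrl, framerUrl) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const pageOrigin = originOf(pageUrl), framerOrigin = originOf(framerUrl);
  // Browsers honour frame-ancestors over X-Frame-Options when both are present.
  const csp = h["content-security-policy"] || "";
  const directive = csp.split(";").map((d) => d.trim()).find((d) => /^frame-ancestors\b/i.test(d));
  if (directive) return frameAncestorsAllow(directive.slice("frame-ancestors".length), pageOrigin, framerOrigin);
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return pageOrigin === framerOrigin;
  // No header, or an unrecognised value (ALLOW-FROM is obsolete): framing is allowed.
  return true;
}
```

A page for which canBeFramed returns true against an arbitrary third-party origin is one whose buttons can be hidden under an attacker's own page, which is the condition the article describes.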