Hackers attack from browsers

Prevent Clickjacking Attacks

At Rockingham I.T. Solutions we know a thing or two about clickjacking attacks, and there isn't any foolproof way of detecting when one is happening to you. Through clever hackery, some dastardly villain somewhere will show you a website that looks harmless, but they can use it to steal your clicks, making you do something drastically different from what you think you're doing.

Clickjacking, put simply, is when a button, image, video, or some other form of embedded content on a website is covered by an invisible layer that sits on top of it.


For instance, you may see a page with a movie embedded on it. You want to watch the movie, so you click on the play button. You don't think twice about it -- you've done it a million times. Meanwhile, a hacker has superimposed an invisible web page over the movie. It just so happens that a button allowing access to your camera and microphone has been placed over the movie's play button. Now, when you think you're playing the movie, you're actually permitting the hacker to access your video camera and microphone.

That invisible layer sitting on top of the page has intercepted and hijacked your mouse click.

There are a few steps you can take to ensure clickjacking is stopped at the source. Let's get cracking.

Upgrade Flash Player


Clickjacking is invisible. If you have Flash installed and you click on the wrong link, you're vulnerable.

However, Adobe's latest version of Flash is ready for the bad guys. Adobe recommends first and foremost upgrading to the latest version of Adobe Flash Player. The free upgrade adds some safeguards that will ask you for permission before granting access to your camera, microphone, or any other data through your Flash preferences.

Edit Your Flash Settings 

Go to the Adobe Flash Player Global Settings. You can access it by right-clicking on any Flash movie and selecting "Global Settings." From there, edit your Global Privacy Settings to "Always Deny" access. While you are there, click on the Global Security Settings and also set it to "Always Deny."

Internet Explorer

Internet Explorer 8 and above have some safeguards in place that allow web developers to prevent unauthorized overlays on their web sites. This means that the web developer can protect their own pages from malicious code overlays that could occur from embedded ads or other content. However, this relies on you trusting the website and the content the web designer hosts.
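
The developer-side safeguard Internet Explorer 8 introduced is the X-Frame-Options response header; current browsers also honour the Content-Security-Policy frame-ancestors directive. As an added example (not from the original article), this JavaScript classifies how well a response is protected against being framed, based on its headers; the function names, result labels and sample header values are assumptions made for illustration.

```javascript
// Added example: classify a response's anti-framing (clickjacking) protection.
// `headers` is a plain object of response header names to values.
// Assumption: each header value holds a single policy (no comma-joined CSP policies).

// Return the source list of the CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

function framingPolicy(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // When an enforced CSP contains frame-ancestors, browsers ignore X-Frame-Options.
  // Content-Security-Policy-Report-Only is deliberately not read: it blocks nothing.
  const fa = frameAncestors(h['content-security-policy']);
  if (fa !== null) {
    // An empty source list matches no ancestor, the same as 'none'.
    if (fa.length === 0 || (fa.length === 1 && fa[0] === "'none'")) return 'deny';
    if (fa.includes('*')) return 'unprotected'; // any site may frame the page
    if (fa.length === 1 && fa[0] === "'self'") return 'same-origin';
    return 'allowlist'; // named origins or schemes: review each entry
  }

  const xfo = String(h['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === '') return 'unprotected';
  if (xfo === 'deny') return 'deny';
  if (xfo === 'sameorigin') return 'same-origin';
  // Anything else (obsolete ALLOW-FROM, conflicting duplicate values, typos)
  // is flagged for review rather than trusted.
  return 'invalid';
}

// Constructed sample responses.
console.log(framingPolicy({ 'X-Frame-Options': 'SAMEORIGIN' }));
console.log(framingPolicy({ 'Content-Security-Policy': "default-src 'self'" }));
```

A result of `unprotected` or `invalid` means any other site can load the page in a frame and place its own content over or under it.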

Firefox and NoScript

Install the NoScript plug-in for Firefox (http://noscript.net/). NoScript will prevent all Flash movies from playing whenever you visit a site. You can always allow exceptions by clicking on the blank area where the movie would be. There's a small added bonus to going this route: NoScript, by way of blocking all Flash content, will automatically block Flash ads -- you know, the kind that take over the entire page or play loud music, drawing stares from all your work colleagues? Yeah, we hate those too.

NoScript is only available for Firefox for the time being, but plans are in place to port the add-on to Google Chrome.
