Protect Your Webcam from Clickjacking

7 12 2008

Learn More About Clickjacking

Technical news mags such as ZDnet report that clickjacking may be a serious threat that affects any Internet browser.

Clickjacking from the Layperson’s Perspective

In laymen’s terms, clickjacking happens when a malicious page is hiding behind what appears to be a safe webpage.   When you click on an item, your computer is “clickjacked” by the malicious code, which then hijacks various components of your computer.This happens without your knowledge.

Typically, webcams are hijacked, but the clickjacking code can affect other areas of your computer equipment. For instance, your microphone or sound system can be exploited, or your computer can be taken over in other ways.

Adobe’s Flash Player was especially vulnerable to clickjacking, but Adobe has come out with a fix to address the issue.

What Browsers are Safe?

Clickjacking is a cross-browser malicious code, which affects virtually all Internet browsers.   It cannot be quickly fixed by disabling javascript.

The only known solution is a “No Script” add-on that works with Firefox.

Problems with the Clickjacking Fix

After using No Script for a week or so, I disabled it because it made web surfing a chore. Every site I visited was blocked to some degree because of YouTube videos, javascript coding or ads installed on the page.  For instance, the following were all blocked by No Script:

  • Google Analytics
  • Pepperjam network
  • Peelaway Ads
  • Voxant’s newsroom
  • Chitika
  • and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).

Google’s Adsense is one of the few advertising networks that are automatically whitelisted by the No Script add-on.   Most of the others need to be manually whitelisted and it is unlikely that the average Internet user is going to do so.

If clickjacking is indeed a serious threat and script blocking solutions are the only way to fight back, then I can see online advertising taking a big hit. Adserver Plus, Doubleclick and other big ad networks were blocked by the No Script add-on.

Conclusion:  Maybe the Threat is Overrated

My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven’t been hit by any type of clickjacking activities. It is possible that the clickjacking threat is overrated.

The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.

« Your Blog and SEO How To Make Money Blogging »


Actions

Informations

  • Date : 7 December 2008
  • Categories : General

Leave a comment

You can use these tags : <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


FireStats icon Powered by FireStats