This new word is buzzing in the computer world from the month of september, 2008.So i decided to study it further, here you can get a idea about it.
This word you can say as "word of the month" for september, as it is now publishing in every article related to computer security, web browser etc.
This word was first used by the two most renowned software professionals
1. Robert “RSnake” Hansen founder and chief executive of SecTheory LLC
2. Jeremiah Grossman chief technology officer at WhiteHat Security Inc
By using this word they were going to present a seminar at OWASP NYC AppSec conference(Open Web Application Security Project Newyork Application Security) and before the conference was going to start, they refused to give the seminar and this made a interesting topic between people, media and security specialists/professionals.
So What is ClickJacking?
In Grossman's words it is "Think of any button on any Web site that you can get to appear between the browser walls. Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue.... The list is virtually endless, and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users' mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to."
All this thing i went through when one of my friend sent me a mail regarding Ctrl + C threats in Microsoft IE. It goes like this that when you copy some material using Ctrl + C or by copying data then any data that is copied on the clipboard, can be accessed via some websites, and if this can be done then you can think how bad it is because many of us use Ctrl + C regularly to put credit card no, ATM no etc to the related sites and if somebody hacked that data then what could be done by that information you can think it easily.
Specialists mention this as a tip of iceburg real problem is yet to come and that is what RSnake and Grossman did. They researched on this Browser Security related issues and information that they got was fascinating for them and so they decided not to share that information, because this is not the right time.
According to them if these problems revealed then everyone will go for the patches(third party) to solve the issue, but still problem arises who can trust on the third party vendors. So they decided that they would discuss these issues with the related Software companies(Microsoft, Mozilla, Apple, Opera, Google, Adobe) and they did. They went to the Adobe and told them the issues regarding Security, which they found in the Adobe Flash Player. Now they want that every Browser's company would come up with their patches only, so that problem can be solved to some extent. So they are waiting for Adobe to release their patches first then only they'll share their research data, code and everything.
These problems were also recognized by Microsoft and so they came up with their own patches in 2003 and 2004 for IE. Recently Mozilla also patched this clickjack vulnerabilty to their browser Firefox(NoScript Widget)
So what i got to know that Scripts are really dangerous to the privacy, security. Specially JavaScripts. The term that is used for this purpose is "Cross-site scripting".
Know yourself regarding plugin content (Flash, Silverlight, Java,DHTML,CSS...) and IFRAMES. So far 99.99 % (according to RSnakes's standards)of problems can be solved by installing NoScript widget into Firefox, and i would suggest you to go through various tutorials regarding how to solve these various problems using NoScript.
One thing at last i want to say that never click on anything if you're not sure what would be its result, in nutshell Prevention is better than Cure.
So friends share these things with your friends and keep reading regarding Computer Security, as it'll let you aware the ideas from which you can save your information.
See ya all.
Photograph : Henri Roger.
