Click Jacking
Definition :-
"Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages." - Wikipedia
Introduction :-
Clickjacking is a vulnerability across a variety of browsers and platforms. It takes the form of embedded code or script that can execute without the user's knowledge, for example when the user clicks on a button that appears to perform another function.
The long list of vulnerabilities involves browsers, Web sites and plug-ins like Flash.
How It Works? :-
ClickJacking is a little difficult to explain. However, try to imagine any button that you see in your browser: the Wire Transfer button on your bank, the Post Blog button on your blog, the Add User button on your web site, Google Gadgets, etc.
ClickJacking gives the attacker the ability to invisibly float these buttons on top of other innocent-looking objects in your browser.
So when you try to click on the innocent object, you are actually clicking on the malicious button that is floating on top invisibly.
In other words, the attack is launched by a malicious web page embedding objects, possibly from a different site, such as framed documents or plugin content (Flash, Silverlight, Java…) which may lead to unwanted results if clicked by the current user (e.g. a “Delete all messages” button in your webmail or an advertisement banner in a click fraud scheme). Using DHTML, and especially CSS, the attacker can disguise or hide the click target in several ways which go completely undetected by the user, who’s easily tricked into clicking it in a more or less blind way.
JavaScript increases the effectiveness of these attacks hugely, because it can make the invisible target constantly follow the mouse pointer, intercepting the user’s first click without fail.
We can however imagine a few less effective but still feasible scriptless scenarios, e.g. covering the whole window with hidden duplicates of the target or overlaying an attractive element of the page, likely to be clicked (e.g. a game or a porn image link), with a transparent target instance.
Examples :-
1) Malicious camera spying using Adobe's Flash.
2) Flash, Java, SilverLight, DHTML Game or Application used to Spy on your Webcam and/or Microphone.
The best defense against ClickJacking attacks is to use Firefox with the NoScript add-on installed.
NoScript 1.8.9.2
Allow active content to run only from sites you trust,
and protect yourself against XSS and Clickjacking attacks...!
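The attack described above depends on the target page agreeing to render inside someone else's frame, so a site owner can check whether their responses forbid that. The following is an added example, not part of the original post: it classifies a response's `X-Frame-Options` and CSP `frame-ancestors` headers, which go beyond the browser-side advice given here; the function names and sample headers are constructed for illustration.

```javascript
// Added example (not from the original post). Header objects are constructed samples.

// Return the source list of CSP's frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map(s => s.toLowerCase());
  }
  return null;
}

// Classify how well a response resists being framed by another site.
function framingProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Browsers that support frame-ancestors enforce it and ignore X-Frame-Options.
  const sources = frameAncestors(h['content-security-policy']);
  if (sources) {
    if (sources.length === 0 || sources.every(s => s === "'none'"))
      return 'protected: no framing allowed';
    if (sources.some(s => ['*', 'http:', 'https:'].includes(s)))
      return 'unprotected: frame-ancestors allows any origin';
    return 'restricted: framing limited to ' + sources.join(' ');
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'protected: no framing allowed';
  if (xfo === 'SAMEORIGIN') return 'restricted: framing limited to same origin';
  if (xfo.startsWith('ALLOW-FROM'))
    return 'unprotected: ALLOW-FROM is obsolete and ignored by current browsers';
  if (xfo) return 'review: unrecognized X-Frame-Options value';

  // A report-only policy logs violations but does not block the framing.
  if (frameAncestors(h['content-security-policy-report-only']))
    return 'unprotected: frame-ancestors is report-only';
  return 'unprotected: no anti-framing header';
}

// Constructed sample responses.
const samples = [
  { 'X-Frame-Options': 'SAMEORIGIN' },
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  { 'Content-Type': 'text/html' },
];
for (const s of samples) console.log(framingProtection(s));
```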