
ATTACK AND PROTECTION | CLICKJACKING | HACKING


I was surfing around the internet when I saw the news saying that clickjacking attacks are now targeting Facebook users. Yeah, it's bad news for Facebook users.

It is important to know about this attack because it is a very advanced attack and needs some programming skill.

I will try to explain it. It is a bit complicated for a non-programmer to understand, but not as hard as you are thinking now!


Clickjacking is short for click hijacking. This vulnerability is used by an attacker to collect an infected user’s clicks. The attacker can force the user to do all sorts of things, from adjusting the user’s computer settings to unwittingly sending the user to websites that might have malicious code.

How can an attacker adjust a user’s computer settings? The attacker uses multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they intended to click on the top-level page. Thus, the attacker is “hijacking” clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

The term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008.

The exploit is also known as UI redressing.

Attack Example:
The user receives an email with a link to a video about a news item, but another valid page, say a product page on amazon.com, can be “hidden” on top or underneath the “PLAY” button of the news video.

The user tries to “play” the video but actually “buys” the product from Amazon.

Prevention:

NoScript: This is the best prevention against clickjacking. It is a Firefox add-on and prevents users from clicking on invisible elements.
GuardedID: It is a commercial product that provides client-side clickjacking protection for users of IE or Firefox without interfering with the operation of legitimate iframes.
Comitari Web Protection Suite: Comitari provides client-side protection against clickjacking (aka UI redressing) attacks. It is installed as a browser add-on.

Source: hackingtricks & irish web
