Clickjacking in a Flash

Clickjacking is the scram script kiddies everywhere will be running on their websites in the hope of duping innocent web surfers into revealing confidential information while clicking on seemingly innocuous pages. According to Yahoo news, it was almost impossible to spot clickjacking attempts because there are so many ways it might be implemented. Indeed, the site claims there is no way to even estimate how many pages are already attempting to hijack your browsing. Apparently, a clickjack attack can be used to take control of your webcam and microphone without you even knowing. Very worrying, depending on what you do in front of your webcam.

However, no sooner had the alarm bells been rung and the scare stories posted, than I spotted the solution coming out of the virtual laboratories of NoScript. NoScript is an addon for Firefox that allows you to block all scripts that run in your browser window. It’s a super tool and bar the fact that you have to whitelist your bank site and do a little hacking to make it work with Stumbleupon it is a lifesaver.

Of course, NoScript is not available for Google Chrome (who uses Google Chrome anyway?). Other browsers including Opera and Internet Explorer are equally vulnerable to clickjacking. The problem affects browsers running Adobe’s Flash Player and Adobe has issued a warning and a security advisory warning users to disable Flash until it releases a patch at the end of October.