Click jacking is one of the latest browser-based security threats facing website owners and their visitors.  The key term here is browser-based, meaning this one can impact any user irrespective of their browser.  Because of this, not even Mac and Linux users are off-limits.  Click jacking is an attack that manipulates CSS and iFrames, using them to place invisible content over visible links or buttons.  While the technical aspects can be somewhat confusing, the concept of click jacking is quite simple – trick the user into interacting with something other than what they believe they are clicking on.  This puts the unknowing end-user in a tough situation, especially when they believe they are clicking on a genuine button on a legitimate site.  The most disturbing part of it all is that you can actually be on your financial institution’s website and still be victimized by click jacking.

Click Jacking in Action

Click jacking is a damaging threat that needs to be taken very seriously.  Security experts have been considering the concept of demonstrating how unsuspecting users can be compromised.  In one example, a simple web-based game was used to control the user’s web cam and also transmit audio and video without the victimized computer ever displaying the warning that asks for permission.  Instead, the user’s clicks were hijacked to approve these actions without their knowledge and consent.  Aside from manipulating Flash, click jacking can be used to compromise typical web pages as well.  Because it runs in a client browser, an attacker can gain access to anything the end-user is logged in to.  For example, they could tamper with your MySpace profile, reprogram your router or even interact with your online banking site.  The limitation of this attack is that it is reduced to actions that can be performed through clicking.  In the new age of computing, that is a considerable amount of power.

Protection Against Click Jacking

Website and server administrators can stop click jacking from the backend of things.  End-users have to take other precautions.  As of now, one of the best methods of defense is a FireFox plugin called NoScript.  This Javascript/Flash blocker is able to provide adequate protection when configured properly.  Unfortunately, the default configuration provides little to no protection and leaves you vulnerable to sites that you give permission to use iFrames.   In order to configure the plugin, click on the NoScript icon in your FireFox browser, navigate to the “Plugins” tab and check the “Forbid iFrame” option.  This will keep you protected from all sites you have not whitelisted as safe.

Researchers and security experts are suggesting that Flash and browser updates will be released to address the growing problem of click jacking.  Until then, it would be wise to utilize FireFox equipped with its NoScript plugin for your online banking endeavors.  If Mac OS X Leopard is your operating system, you could use the Fluid app to create an application specifically designed for your banking site.

Related posts:

1. Prevalent Security Threats in 2009

Original: A Serious Threat to Consider: Click Jackers

Security becomes more of a challenge everyday for website owners and administrators.  If it isn’t someone trying to deface your homepage and enrage your audience, it is another looking to commit more heinous acts such as stealing sensitive information or putting your identity in jeopardy.  In order to keep yourself protected, it is a must that you stay aware of the emerging threats.  Here are a few stirring up some of the most trouble in 2009.

Zombie Armies

Although zombie armies and DDoS attacks on large servers and networks is nothing new, this combined threat continues to be a major problem.  Security experts are projecting that the issue will likely worsen as computer systems increasingly rely on wireless connections to the internet.  Therefore, while this threat has been around for sometime, you should never get too relaxed and think your website or server is immune to exploitation.  On a good note, there are a few methods you have at your disposal that have proven to effectively combat an attack should the enslaved army of computers come your way.

Click Jacking

Another security threat on the rise, click jacking is pretty much what it sounds like: the act of hijacking a click.  A perfect example would be an intruder replacing the form button on your site with a button of their own.  Doesn’t sound all that menacing?  However, consider this – a new customer goes to enter their credit card information via the form on your website.  When clicking the button, the user is redirected to a rogue site where they are prompted to enter their financial details.  If they happen to fall for this trick, the customer could be out of their funds and you could possibly be out of business for allowing it to happen.  Click jacking can be very difficult to detect as the visitor could end up on the fraudulent site without even realizing they have left your domain.  Difficulty aside, this is one threat you need to learn how to prevent as it is becoming widespread at a disturbing rate.

Advanced Virus Strains

A number of security reports are showing that virus programs are growing more sophisticated and difficult to detect.  Easy access to malicious tools have enabled code writers to create viruses that elude scanners, allowing them to do so with less skills and less effort.  These findings give indication that more advanced virus scanning solutions are warranted.  Experts are hinting that systems of the very near future may do away with the today’s signature-based scanning in favor of techniques such as application whitelisting or application heuristics.  These methods could end up being integral parts of your virus defense mechanisms.

The clan of internet criminals are working overtime to wreak havoc in the year 2009 and beyond.  What we have listed in this article are just a few of numerous threats you need to be aware of.  In order to ensure an adequate level of protection, we recommend getting together with your administrator or hosting provider to discuss the areas and security issues that concern you the most.

Related posts:

1. A Checklist for Website Security
2. Why is Web Hosting Security so Important?

Original: Prevalent Security Threats in 2009