Clickjacking! Noooooooooo!

October 8th, 2008 by marcel


As if you didn't have enough to worry about, with the stock market crashing and all your savings going south . . . U.S. CERT issued a warning about a new browser exploit called "clickjacking". Worst of all, it even affects Linux browsers. Yikes! Citing Jeremiah Grossman, founder and CTO of WhiteHat Security, U.S. CERT said, "Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a Web page, they may actually be clicking on content from another page."

All modern browsers are affected (Internet Explorer, Safari, Firefox, Google Chrome, Opera) and no fix is available. Sweet! You can, however, mitigate the risks by disabling scripting and plug-ins in your browser. Thereby making the whole point of modern browsers ancient history, or at least pretty much moot. To which I must reply, HOLY PENGUIN GUANO!

Firefox users can, if they want, take the Nyah nyah nyah ground with the NoScript Firefox extension. FlashBlock, Adblock Plus, and CustomizeGoogle are also good. Of course, doing all those things pretty much renders the point of modern browsers moot. Did I mention HOLY PENGUIN GUANO!?

There are plenty of sites covering this story, so read up and decide for yourself if the sky is falling.
__________________________

Marcel (Writer and Free Thinker at Large) Gagné
http://www.marcelgagne.com AND www.cookingwithlinux.com



Dude I've been using Flashblock/NoScript for the last 6 months

On October 13th, 2008 Kevin G (not verified) says:

And Adblock for at least a year. It doesn't moot the browser experience.. it speeds page loading and keeps me from having to see all that flashing ad nonsense I see on most pages so I can click on the content I want.

sorry you're having such a bad time..


Guess we can all go back to

On October 10th, 2008 waparmley says:

Guess we can all go back to lynx...

(I _do_ use elinks now and then.)


Browsers are bloated and overrated...

On October 10th, 2008 El Perro Loco (not verified) says:

I know I am rowing against the tide here, but I just think browsers have too much functionality. They should stick with simple HTML pages and leave out all that "programmability" crap. Other functionality should be left to specific programs, in true UNIX philosophy. Want to see a movie? Fire up your movie/stream viewer. Want to get e-mail? Use your e-mail reader. Want to chat online? Well, you get the point.

What happened to the good, old KISS principle?


Warning is mainly for VOIP users

On October 9th, 2008 Anonymous (not verified) says:

Click-jacking supposedly turns on your web-cam and microphone.

What can they do to you if you don't have a web-cam or microphone connected to the internet?


Flashblock isn't that bad

On October 9th, 2008 Kevin S. (not verified) says:

Flashblock allows you to mouse over the Flash content and see the url. If it's from a site you trust, you can click on it and get the content. It's not that much of a hindrance.


Adblock Plus makes surfing

On October 8th, 2008 mark zero (not verified) says:

Adblock Plus makes surfing tolerable, not primitive.
