clickjacking

Review your Internet Security

The United States Computer Emergency Research team, US-CERT, has issued a warning about a serious vulnerability in all the popular browsers, such as IE, Firefox, Opera and Safari. It warns of an attack that inserts itself into the middle of a user’s interaction with a web page when the user clicks buttons. As soon as a person clicks on a link on a web page, the browser can perform any arbitrary function, including redirecting to a third-party site, so a totally unwanted action may be carried out.

This is called clickjacking.

According to one of the reports, Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a web page, they may actually be clicking on content from another page. A separate report indicates that this flaw affects most web browsers and that no fix is available, but that disabling browser scripting and plug-ins may help mitigate some of the risks.

Worst of all, it is not only malicious web pages: any legitimate site, such as Newsweek, Digg or the BBC, may carry this to you. The exact magnitude of the risk is yet to come out, but it is clear that present browsers are incapable of avoiding it.

In such a situation, you can only hope not to come across it while browsing.

So, right now, there are four options for you.

  1. Stop browsing the Internet. I know you can’t do it.
  2. Suspend your browsing and wait until these browsers get updated. This is also difficult.
  3. Start using Firefox and install the NoScript Firefox plugin. You may not like this either, because it will make many of the sites you visit appear broken.
  4. Pray that you do not fall victim to the attack.

I think the only option is the last one.
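The attack described above depends on a page being displayed inside another site's frame, so that a click lands on "content from another page". The following is an added example, not part of the original post: a check a site operator can run over their own responses to see which pages any site may frame. It assumes the `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` response headers, which the post does not mention; the function names and sample responses are constructed.

```javascript
// Added example: decide from response headers who may embed a page in a frame.
// Header names are real; function names and the sample responses are constructed.
function framingPolicy(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // An enforced CSP frame-ancestors directive takes precedence over X-Frame-Options.
  // Assumption: one policy per response (no comma-joined policies).
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // "*" or a bare scheme such as "https:" lets practically any site embed the page.
    const open = sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s));
    if (open) return { embed: 'anyone', via: 'csp' };
    // 'none' only has effect on its own; an empty source list also matches nothing.
    const real = sources.filter((s) => s !== "'none'");
    if (real.length === 0) return { embed: 'nobody', via: 'csp' };
    if (real.every((s) => s === "'self'")) return { embed: 'same-origin', via: 'csp' };
    return { embed: 'listed-origins', via: 'csp' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { embed: 'nobody', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { embed: 'same-origin', via: 'x-frame-options' };
  // ALLOW-FROM, misspelled values and a Report-Only CSP are not enforced by
  // current browsers, so the page is treated as unprotected.
  return { embed: 'anyone', via: 'none' };
}

// Constructed sample: path -> response headers as a site might send them.
const sampleResponses = {
  '/login': { 'X-Frame-Options': 'DENY' },
  '/account': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  '/transfer': { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
  '/settings': { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  '/widget': { 'X-Frame-Options': 'DENY',
               'Content-Security-Policy': 'frame-ancestors https://partner.example' },
};

// Pages that any other site could place in a frame.
function framablePages(responses) {
  return Object.keys(responses).filter((p) => framingPolicy(responses[p]).embed === 'anyone');
}

console.log(framablePages(sampleResponses));
```

The two pages it reports look protected at a glance: one sends its policy only in report-only mode, the other uses an `X-Frame-Options` value that browsers no longer honour.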