Friday, November 18, 2011

CLICKJACKING


Today’s new word is “clickjacking.”  Clickjacking (from Wikipedia.com) is “a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.”

There has been a rash of recent clickjacking attacks that take advantage of Facebook's "Like" functionality. For example, you may think you are clicking on the “play” button to watch a video that a friend appears to have posted. Unbeknownst to you, your friend is actually a victim of this scam. He didn’t post the video; the scammer who scammed him did. The attackers can actually program a transparent or invisible link over the top of the “play” button of your friend’s video. When you click “play” you are actually clicking on an invisible “like” button. That can explain why your grandma suddenly appears to “like” “Hot Motorcycle Mammas.”

The same method can be used to trick you into installing a malicious Facebook “app” that will post all sorts of embarrassing nastiness to your page. To your friends, it appears that you are posting nasty stuff but, in actuality, it is the malicious app that is doing the posting for you in your name. In essence, the attacker has "hijacked" the user's mouse click, hence the name "Clickjacking". Nice, huh?


One of the more disturbing examples of Clickjacking was an attack against the Adobe Flash Player plugin settings. Using this “invisible link” scheme, an attacker could trick a user into altering the security settings of Flash, giving permission for any Flash animation (such as a YouTube video) to turn on your computer’s microphone and camera so that the attacker can get a good look at you. This is the 21st Century’s version of a Peeping Tom.
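Clickjacking of this kind usually works by loading the target page in an invisible frame on the attacker's page, so a website can protect its own pages by telling browsers not to display them inside another site's frame. The JavaScript below is an added example, not part of the original post: it reads a page's response headers and reports whether other sites may frame it, using the standard X-Frame-Options and Content-Security-Policy frame-ancestors headers (neither is mentioned in the post; the sample responses and function names are constructed for illustration).

```javascript
// Added example: classify whether other sites may load a page inside a frame.
// Assumes one CSP policy per response; comma-joined multiple policies are not handled.

// Constructed sample response headers (names lower-cased, as Node.js presents them).
const SAMPLES = {
  unprotected: { "content-type": "text/html" },
  denyAll: { "x-frame-options": "DENY" },
  sameOrigin: { "x-frame-options": "sameorigin" },
  obsoleteAllowFrom: { "x-frame-options": "ALLOW-FROM https://partner.example" },
  conflicting: { "x-frame-options": "DENY, SAMEORIGIN" },
  cspNone: { "content-security-policy": "default-src 'self'; frame-ancestors 'none'" },
  cspAllowList: { "content-security-policy": "frame-ancestors 'self' https://partner.example" },
  cspWildcard: { "x-frame-options": "DENY", "content-security-policy": "frame-ancestors *" },
};

// Return the source list of the first frame-ancestors directive, or null if there is none.
function frameAncestors(csp) {
  for (const directive of csp.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources.map((s) => s.toLowerCase());
  }
  return null;
}

// Classify a response as "blocked", "same-origin", "restricted" or "frameable".
function framingPolicy(headers) {
  const sources = frameAncestors(headers["content-security-policy"] || "");
  if (sources !== null) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options entirely.
    if (sources.length === 0 || sources.every((s) => s === "'none'")) return "blocked";
    if (sources.some((s) => s === "*" || s === "http:" || s === "https:")) return "frameable";
    if (sources.every((s) => s === "'self'")) return "same-origin";
    return "restricted"; // explicit allow-list of sites permitted to embed the page
  }
  const xfo = new Set(
    (headers["x-frame-options"] || "").toLowerCase().split(",").map((v) => v.trim()).filter(Boolean)
  );
  // Conflicting valid values block framing; ALLOW-FROM and unknown values are ignored.
  if (xfo.size > 1) return ["deny", "sameorigin", "allowall"].some((v) => xfo.has(v)) ? "blocked" : "frameable";
  if (xfo.has("deny")) return "blocked";
  if (xfo.has("sameorigin")) return "same-origin";
  return "frameable";
}

for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(18), framingPolicy(headers));
}
```

A result of "frameable" means the page offers no header-based protection against being placed invisibly under a decoy button.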

I’d like to introduce you to a bit of software that can help avoid this kind of trap and other ripoffs and scams. It’s called “Web of Trust” (WoT). WoT is a browser plug-in. A plug-in is a small bit of software that is an add-on to whatever Internet browser you use (e.g. Internet Explorer). This software uses “crowd-sourcing” techniques to aid in safe surfing.

Crowd-sourcing is a process of gathering the intelligence of crowds of people in order to perform tasks, solve complex problems or contribute to a cause. WoT unobtrusively invites you to “rate” web pages as you visit them. You rate the page based on trustworthiness, vendor reliability, privacy and child safety.  Those ratings are performed by millions of individuals who have installed WoT into their browser.  

While you are using Facebook, WoT will place a little yellow, red or green circle beside all website links. If it is red, and you are silly enough to click on it anyway, you will be given a warning that the site is not trusted based on user ratings. It will allow you to go on to the site but at your own risk. It provides no virus protection or any other protection. Think of it as a big brother who is standing beside you giving advice that you can either use or lose.

It is a 100% free service for individuals. Download and install it from www.MyWoT.com.
