If you read the above news completely, it will be easy for you to understand what clickjacking is. Ok, let's continue with our article.
Clickjacking, also known as UI redressing, is a malicious technique that tricks users into clicking a button or image that runs a hidden malicious script from another site.
An attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the innocuous page. Thus the attacker hijacks the click and sends it to another website. That's why it is known as clickjacking (click + hijacking). The term "clickjacking" was coined by Jeremiah Grossman and Robert Hansen in 2008.
Let's take the real-time example "LinkedIn clickjacking vulnerability".
The above image may look like a simple maths problem. Once you click the submit button, it will delete your LinkedIn account (if you are logged in) without asking any questions.
- Tricking users into turning on their webcam and microphone using this Adobe vulnerability (this security flaw was fixed by Adobe)
- Getting more Twitter followers
- Posting on your Facebook wall
- Deleting your profile
Client Side (Security tips for users):
Update your Flash Player (old versions are vulnerable to clickjacking).
NoScript is a Mozilla add-on that provides protection against clickjacking, XSS and other malicious scripts. NoScript is available for mobiles also.
Comitari Web Protection Suite: Comitari provides client-side protection against clickjacking (aka UI redressing) attacks, installed as a browser add-on.
GuardedID: a commercial product which provides client-side clickjacking protection for users of IE or Firefox without interfering with the operation of legitimate iframes.
Server Side (For Developers)