What is Click Jacking? - The Danger of the Invisible Button

(Page 2 of 4 )

Okay, so they got you to click their invisible button. It doesn’t exactly sound terrifying until you consider the fact that that click executes a whole range of things. That click could have just sent your banking data to Russia; it could execute a program in the background; it could turn on your camera and microphone so that you can be monitored; or it could just be downloading a virus on your system.

Are you scared yet? You should be. On that list, the virus is the least of the possible evils. There is no terror quite like that of considering the possibility that you are constantly being monitored by your own computer. It kind of takes the concept of cyber-stalking to a whole new level -- one where you had better hope the computer is not on in your bedroom, or somebody might be watching you while you get dressed.

In a lot of ways click jacking is an end-run around traditional security measures because those measures are meant to protect things from happening remotely or automatically to your system, and systems have a hard time determining whether you intended to click that button, or if you’ve just been duped big time. Think about it; how may times do you have to click something online? You click the submit button for any form, open your e-mail, do your online banking, and a million other things during the average day. Your web browser has little in the way of a defense when it comes to telling which click belongs where, and which one of these things is not like the others.

So, the next question is, why is this so much harder to fix than other Internet security problems? Well, that’s a good question, and I have two very good answers. First and foremost, scripts that create click jacking are hard to eliminate because they don’t use JavaScript or any other secondary coding language, which is a big order for CSS/DHTML, the very heart of how websites are made. That means that fixing these click jacks is a tricky business, because if it’s not done perfectly you run the risk of creating more bugs in the site. A fix the creates more problems isn’t practical enough to cut it in the real world, and no site admin in their right mind would intentionally put more bugs onto their site, not even to fix an attack.

The second problem that stands between us and an easy fix to click jacking is that checking relies heavily on frames, and those are so heavily relied upon that it is simply impractical to remove them from all of the web. Not to mention that the wide scale elimination of the use of frames technology would probably be fought by companies that sell online advertising, as it would hinder their business.

Next: Reducing Your Click Jacking Risks >>
 

More Web Hosting Articles Articles
More By Katie Gatto

Comments On: What is Click Jacking?

· This article was a big disappointment. There was a lot of "run for your lives" and...    · I looked over your links. The first was painfully short, and the second was a...    · I agree that it was shorter than this article, but I learned more from it. I don't...    · I don't know what you mean at all. I found the piece to be perfectly clear. There is...    · This article fails to mention exactly how click jacking could compromise a...   >>> Post your comment now!