Clickjacking: Causes Stir in Internet Security Browsers, Web Apps

A new bug has been found that has affected web browsers dubbed as ?Clickjacking.? Security pros explained that clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Simply put, it?s like a hijacker taking over an aircraft, except that in this case the aircraft is the click.

This new security threat was revealed by SecTheory LLC CEO Robert Hansen and Jeremiah Grossman. No less than the United States Computer Emergency Readiness Team or CERT had recently issued a warning against this new bug at its homepage.

CERT software experts explained that clickjacking takes place when Internet users are directed to malicious Web sites where hackers and scammers lay in wait to take control of a user?s browser profile. UK-based Kaspersky Lab IT security analyst Ryan Naraine said Clickjacking ?attacks fundamental flaws in the way most browsers work, and cannot be fixed with a simple patch.”

According to Aliso Veijo-California-based Net Applications, the multiple browsers and even web applications such as Adobe?s Flash are vulnerable to this security bug. The browsers include Internet Explorer, Mozilla Firefox, Apple?s Safari, Opera and even Google?s new Chrome browser. All in all, they constitute more or less 95 percent of browser market share.

Computerworld.com and VisualStudioMagazineOnline.com recently released articles that a full talk on Clickjacking was supposed to be given by Hansen and Grossman but Adobe and other ?affected vendors? requested that they wait until a systematic workaround or hotfix could be applied. Still, these sources said Mozilla on Monday (Oct. 6) released updates to its Thunderbird v2.0.0.17 e-mail application and Firefox v3.0.3 Web browser in an effort to ?address multiple vulnerabilities? including stealing personal information, undertaking cross-site scripting and denial of service attacks as well as Clickjacking. Meanwhile, they said a Microsoft is now doing a probe on this claimed security attack and will take steps to protect its customers.

So, should we be worried about Clickjacking? Well, if the CERT has issued a warning, I supposed we should be. Still, experts advise that to use Google?s Mozilla Firefox and Thunderbird until this security threat is contained.