Subscribe Twitter Twitter

Saturday, May 28, 2011

What is Clickjacking

Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.


Clickjacking involves generating a fake graphical overlay on top of an existing Web page in order to visually change the Web page while preserving its functionality (buttons, forms, etc.). This is done with the intension of misleading users to interact with the hidden Web page while they believe they are interacting with a completely different Web site.

Using only CSS Z-INDEX and HTML IFRAME, an attacker can create a transparent victim web page that contains privileged buttons. Underneath this transparent IFRAME, the attacker puts content, like a game, that entices the user to click. You may think you're playing a game, when you're actually starting a webcam recording.

For example this scam called OMG teacher nearly kills boy once you click on the link it will tell you like Woah in order to see the video you must complete a survey and if you do that you just given a hacker/thief your credit card details and other private info

source:http://www.mywot.com/en/forum/12372-clickjacking-attacks-spotted-on-facebook

0 comments: