How to stop clickjacking on your site #HackerSeries
Clickjacking is a hacking technique whereby a user is tricked into clicking something that they otherwise would not have clicked. Let me give you an example. Have you ever been on a video streaming website where the red cross in the top right of the video player does not cause it to close? Well, this is an example of a clickjack: the click can cause a piece of malware to be downloaded, turn on your webcam and plenty of other things.
Generally, clickjacking websites are a spoof of a well-known website with a slightly different URL (that most people won't notice). This can be done through the use of iframes with buttons, text and images overlaid on top of them.
Facebook is actually a source of a lot of clickjacking. Have you ever seen the sort of story pop up, "You won't believe what this girl did…"? Some of these links will present a user with a CAPTCHA which, once completed, will mean that the user likes or shares the story. It's a great (but completely immoral) way to obtain lots of user details (name, date of birth, location…).
If you're worried about your website being clickjacked, there is a solution. Tools such as the X-Frame-Options HTTP response header will help you to stop clickjacking from being successful. Essentially, you can restrict how your web page can be framed, and you can also force a framed page to become the top-level window (reducing the effectiveness of overlay items).
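An added example (not from the original article): a JavaScript check that classifies how a response restricts framing, based on its headers. It goes beyond the text by also reading the Content-Security-Policy `frame-ancestors` directive, the newer counterpart to X-Frame-Options; the function names and sample headers are assumptions made for illustration.

```javascript
// Assumption: `headers` is a plain object with lower-cased names, the shape
// Node's http client exposes as res.headers. All names here are illustrative.

function parseFrameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function framingPolicy(headers) {
  const ancestors = parseFrameAncestors(headers["content-security-policy"]);
  if (ancestors !== null) {
    // Where frame-ancestors is supported it takes precedence over X-Frame-Options.
    const list = ancestors.map((s) => s.toLowerCase());
    if (list.length === 0 || list.join() === "'none'") return "deny";
    if (list.some((s) => ["*", "http:", "https:"].includes(s))) return "unprotected";
    return list.every((s) => s === "'self'") ? "same-origin" : "allow-list";
  }
  // Repeated X-Frame-Options headers arrive comma-joined; compare distinct values.
  const xfo = new Set(
    (headers["x-frame-options"] || "")
      .split(",").map((v) => v.trim().toLowerCase()).filter(Boolean)
  );
  if (xfo.size === 0) return "unprotected";
  if (xfo.size > 1) return "conflicting"; // misconfiguration: send one value only
  if (xfo.has("deny")) return "deny";
  if (xfo.has("sameorigin")) return "same-origin";
  // ALLOW-FROM is obsolete and typos such as "SAME-ORIGIN" are not valid values.
  return "unprotected";
}

// Constructed sample responses, not captured from any real site.
const samples = {
  none: {},
  denied: { "x-frame-options": "DENY" },
  obsolete: { "x-frame-options": "ALLOW-FROM https://partner.example" },
  duplicated: { "x-frame-options": "SAMEORIGIN, DENY" },
  cspWins: {
    "x-frame-options": "DENY",
    "content-security-policy": "default-src 'self'; frame-ancestors 'self' https://partner.example",
  },
};

for (const [n, h] of Object.entries(samples)) console.log(n.padEnd(10), framingPolicy(h));
```

Anything reported as "unprotected" or "conflicting" is a page that can still be framed by some browsers and should be fixed in the server or application configuration.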
This article was brought to you by Netshock. Netshock is your technology blog, providing technology news, guides and insight.