{"id":4961,"date":"2011-06-17T14:08:01","date_gmt":"2011-06-17T04:08:01","guid":{"rendered":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/?p=4961"},"modified":"2011-07-26T11:55:53","modified_gmt":"2011-07-26T01:55:53","slug":"about-clickjacking","status":"publish","type":"post","link":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/?p=4961","title":{"rendered":"About Clickjacking"},"content":{"rendered":"<p>Hardly a day goes by without someone asking\u00a0a Bonza technician to remove a virus(s) from a computer or laptop.\u00a0This post may help you to \u201c<em>pause a sec\u201d<\/em> before you click! <a href=\"http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/clickjacking.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4994\" title=\"clickjacking\" src=\"http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/clickjacking.jpg\" alt=\"clickjacking\" width=\"103\" height=\"107\" \/><\/a><\/p>\n<p><em><span style=\"color: #3366ff;\">Suppose you visit a site and think you\u2019re clicking on a button to close a window; instead, the action of clicking the \u201cX\u201d button prompts your computer to download a Trojan virus, transfer money from your bank account or turn on your computer\u2019s built-in microphone. The host website may be a legitimate site that&#8217;s been hacked or a fake version of some well-known site like your bank\u2019s website. You may have been tricked into visiting the site through links online or in email messages.<\/span><\/em><strong>\u00a0<\/strong><\/p>\n<p><strong><span style=\"color: #000000;\">It\u2019s called Clickjacking <!--more--><\/span><\/strong><\/p>\n<p><span style=\"color: #800000;\"><strong>Clickjacking<\/strong> is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. 
The exploit is also known as <\/span><strong><span style=\"color: #800000;\">UI redressing<\/span>.<\/strong> <strong><span style=\"text-decoration: underline;\"><a href=\"http:\/\/en.wikipedia.org\/wiki\/Clickjacking\" target=\"_blank\">Read\u00a0the full description on\u00a0Wikipedia<\/a><\/span><\/strong><\/p>\n<p>When you\u2019re \u201cclick jacked\u201d a virus is downloaded to your hard drive.\u00a0In many cases your antivirus software will be disabled and destroyed by the virus, which will then\u00a0behave like a legitimate antivirus program. It will ask you to use your credit card to buy a license for the software online so it can \u201cclean\u201d your computer.<\/p>\n<p>It will also prevent the installation of widely used antivirus and malware removal programs, which means once you are infected it can be difficult to get clean\u00a0without the assistance of a computer technician. Clickjack detection is complex and varies between browsers. <span style=\"color: #800000;\"><em>*It is important to note that this is not a vulnerability based in the target applications but rather in software running on your machine (i.e. browsers).<\/em><\/span><\/p>\n<p>There are multiple variants of clickjacking. In a nutshell, each one utilises a different technique to exploit the same vulnerability found in all major browsers, Internet Explorer (IE), Firefox, Safari and Opera. This vulnerability enables attackers to alter a website\u2019s visual display from the browser while preserving its functionality.\u00a0It involves generating a fake graphical overlay on top of an existing web page in order to visually change the web page while preserving its buttons, forms, etc. without you noticing or seeing the change because forms get sent as usual and other features perform as expected.<\/p>\n<p>The malicious web page embeds a page from another domain to which the user is already authenticated. 
Since the malicious web page is controlled by the attacker, the attacker can visually hide parts of the original application from you and cause you to click on something you otherwise wouldn\u2019t have.<\/p>\n<p><a href=\"http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/clickjacking-attack.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-5012\" title=\"clickjacking attack\" src=\"http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/clickjacking-attack.jpg\" alt=\"clickjackiny-attack\" width=\"263\" height=\"132\" srcset=\"http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/clickjacking-attack.jpg 732w, http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/clickjacking-attack-300x150.jpg 300w\" sizes=\"(max-width: 263px) 100vw, 263px\" \/><\/a><\/p>\n<h6><span style=\"color: #800000;\">This example uses iframes to show different\u00a0text and to hide a button, tricking you into selecting &#8220;Yes&#8221; to something unknown hidden underneath the button<\/span>.\u00a0<a href=\"http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/fake-overlay.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-5015\" title=\"fake-overlay\" src=\"http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/fake-overlay.jpg\" alt=\"clickjacking overlay\" width=\"185\" height=\"158\" srcset=\"http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/fake-overlay.jpg 514w, http:\/\/bonzamobilecomputerrepairs.com\/blog\/wp-content\/uploads\/2011\/06\/fake-overlay-300x256.jpg 300w\" sizes=\"(max-width: 185px) 100vw, 185px\" \/><\/a><\/h6>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h6><span style=\"color: #800000;\">This\u00a0image shows a fake overlay causing you to inadvertently give your bank login details to the 
attacker.<\/span><\/h6>\n<p><strong>\u00a0<\/strong><\/p>\n<p><strong><span style=\"color: #3366ff;\">How to Protect Yourself from\u00a0Clickjacking<\/span><\/strong><\/p>\n<p><span style=\"color: #3366ff;\">1. Install a firewall and antivirus software, and always keep your antivirus definitions up to date.<\/span><\/p>\n<p><span style=\"color: #3366ff;\">2. Always log out of your accounts.<\/span><\/p>\n<p><span style=\"color: #3366ff;\">3. Upgrade your favourite browser to the latest version and increase your browsing security.<\/span><\/p>\n<p><span style=\"color: #3366ff;\">4. Upgrade browser plugins.<\/span><\/p>\n<p>I make sure I check and update\u00a0all of the above regularly.\u00a0Last week I was in Melbourne and when I\u00a0returned\u00a0I had <strong>16 updates<\/strong> waiting!<\/p>\n<p>Be vigilant, folks! And please, please pause before you click.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hardly a day goes by without someone asking\u00a0a Bonza technician to remove a virus(s) from a computer or laptop.\u00a0This post may help you to \u201cpause a sec\u201d before you click! 
Suppose you visit a site and think you\u2019re clicking on a button to close a window; instead, the action of clicking the \u201cX\u201d button prompts [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[373],"tags":[597,598,599],"aioseo_notices":[],"_links":{"self":[{"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/4961"}],"collection":[{"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4961"}],"version-history":[{"count":73,"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/4961\/revisions"}],"predecessor-version":[{"id":5184,"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/4961\/revisions\/5184"}],"wp:attachment":[{"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4961"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bonzamobilecomputerrepairs.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}