Security Bites 117: How 'Clickjacking' attacks hide behind the mouse

Jeremiah Grossman talks about the increasing threat of clickjacking with CNET's Robert Vamosi.

Criminals may have found a way to get you to click on malware without you even knowing. Worse, they might also be able to open the microphone or Webcam on your PC to eavesdrop.

Called Clickjacking , the process allows the attacker to trick you the user into clicking on something only briefly visible on the screen. While it's mostly a problem for the browser makers, it also affects Adobe Flash, Microsoft Silverlight, and Sun's Java.

Although clickjacking, which may contain up to half dozen specific vulnerabilities, has been around for years, it has recently come to the attention of online criminals and security researchers alike.

One of those researchers is Jeremiah Grossman, CTO of WhiteHat Security. Robert Vamosi of CNET News spoke with him by phone.

Grossman recommends users of Firefox consider using the NoScript plug-in and set it to forbid IFrame content. More details on configuring NoScript to block this attack can be found here. Additional US-CERT tips for securing other browsers can be found here.


Listen now: Download today's podcast

Tags:
Security
About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Discuss Security Bites 117: How 'Clickjacking' attacks...

    Conversation powered by Livefyre

    This week on CNET News
    Hot Products
    Trending on CNET

    Tech Tip

    Know how to save a wet phone?

    It's not with a dryer and it's not with rice. CNET shows you the secret to saving your phone.