@Kanhef
I think Firefox's NoScript addon detects clickjacking quite effectively. So it's definitely detectable, and has saved me a few times as well.
Facebook administrators have blocked a clickjacking exploit that displayed images of a scantily clad woman on profile pages without first prompting the user for permission. The attack began when a victim encountered the image of the near-naked woman on a friend's profile page along with the words "Want 2 C something hot? Click …
This hasn't been the only clickjacking on Facebook of late; another was a "free copy of Assassin's Creed 2" being posted on many people's feeds.
You click it, and it takes you to an advertising page where you are to click a button on the picture of the Xbox 360 to turn the Xbox on. Whereupon it posts the same advert you clicked from Facebook on your feed.
Complete negligence on Facebook's part.
It should be possible to make browsers detect this sort of exploit. Make a copy of the page and simulate a mouse click on every link to see where it would actually go. Display a warning if that's different from the link on the page, or where using keyboard navigation would go. Just scrutinizing every use of 'onclick' should catch a lot of them.
"We’ve blocked the URL"...
Sounds like quite the solution.
A response of "we've blocked 1 IP out of 4 billion" would have been pretty lame. But "we’ve blocked one URL out of * ", is just plain funny.
I feel bad for all of the <strike>web 2.0</strike> High School 2.0 users out there.
can find it in all its probably NSFW glory here:
http://fitzgerald.blog.avg.com/2009/11/new-facebook-worm-dont-click-da-button-baby.html
This comment provided as a public service for nudity-starved commentards.
let me fix that for you:
your arsebook, what's the difference?
much better ;)