Clickjacking

Melih

I found this latest article in WindowsSecrets about Clickjacking
http://windowssecrets.com/2008/10/16/03-All-browsers-are-vulnerable-to-clickjacking
interesting and awakening!

Blocking would be best, but would it interfere with anything?
A browser plugin like Verification Engine should do the trick. Before clicking, browse over the button and it will tell you if the projected link is good and where you intended to go!
But I have found that V.E. works only on the main screen of most sites and not on pages/screens farther down, like, and most important, a download page, etc.

Thanks
UncleDoug

Nice article. Thanks for sharing.

It also talks about “Flash apps may activate webcams and mics”. In this matter, I have no mic, but the webcam’s eye is covered (the “eye” is blinded :wink: ).

People could just cover it (the cam’s “eye”) with black tape, or something like that.

Now the clickjacking is a total business. I use Opera, and use JavaScript control. Not sure if it covers all areas. I doubt it does, as a matter of fact.

I use Firefox 3 with the NoScript extension up to date, and it has protection against that kind of attack. Also, Opera 9.60 has that protection.

The new Opera has that protection?
This is !ot!, but I’ve been seeing lots of people who are in this “Computer Security Testing Group”. What is it??

https://forums.comodo.com/virusmalware_removal_assistance/malware_research_group-t27354.0.html

Xan

That’s the malware research group.

I will look for that. I don’t know exactly, but a friend of mine told me.

About Firefox and NoScript, follow: Hello ClearClick, Goodbye Clickjacking! – hackademix.net

Eduardo

You must have this?

Mozilla Foundation: Install Giorgio Maone’s open-source NoScript plug-in to block execution of JavaScript except for sites you approve. NoScript is free, though the vendor requests a donation. The add-on lets Firefox users designate the sites on which scripts are allowed to run and blocks JavaScript on all other sites.

Does that mean you need to add any new site you might be interested in going to before you can? Almost like driving safety on the highway: 80 will get you there quicker, but 55 will also get you there, just a few minutes longer but more safely.

UncleDoug

Ok.

And you don’t know about the group you are in?

Yes, you need to add any new site you might be interested in going to before you can. You visit the site, it requires JavaScript; if you trust it, you can permanently allow it, if not, you can temporarily allow it. It’s my #1 extension for Firefox. And, after your whitelist grows, you can export/import it to other Firefox sessions.

http://www.testmypcsecurity.com/join.php

Everything will be fine unless, sometime in the future, a trusted site gets hijacked; then clickjacking could be a problem!

UncleDoug