Protect Your Webcam from Clickjacking
ZDnet and other technical news sites have reported that clickjacking — a potentially serious threat — can affect any browser.
Clickjacking in a Nutshell
In a nutshell, clickjacking is accomplished by a malicious page that hides behind a seemingly safe page. When you click an item on the supposedly safe page, your computer is clickjacked by malicious code which then hijacks your pc’s accessories or other components. This occurs without your knowledge.
Generally, webcams are hijacked, but clickjacking is not limited to affecting a cam. For instance, your sound system or microphone can be exploited, or your PC can be taken over in other ways.
Adobe’s Flash Player was particularly vulnerable to clickjacking threats; however, Adobe has come out with a fix to address the issue.
What Browsers are Affected?
Clickjacking is a malicious code that affects virtually all Internet browsers. There is no quick fix, such as disabling javascript.
A “No Script” add-on that works with Firefox is the only known solution.
Problems with the Clickjacking Fix
After using No Script for a week or so, I disabled it because it made web surfing a chore. Every site that I visited was blocked to some degree or another because the site contained YouTube videos, ads or javascript coding. For instance, the following were all blocked by No Script:
- Google Analytics
- Pepperjam network
- Peelaway Ads
- Voxant’s newsroom
- Chitika
- and many, many more (see the partial list of affiliate programs and other utilities blocked by No Script).
Fortunately for Adsense publishers, Google’s Adsense is among the short list of networks automatically whiteliested by the No Script add-on. Most of the others have to be manually whitelisted. It is highly unlikely that the average Internet user will do so.
If clickjacking is truly the threat that some would say that it is, and if solutions such as No Script are the only way to fight back, I can see that this situation will kill online advertising. Even the big boys’ ads, such as those delivered by Adserver Plus, were blocked by the Firefox add-on.
Conclusion: Maybe the Threat is Overrated
My web browsing experience is back up to speed since I’ve disabled No Script and so far I haven′t been hit by any type of clickjacking activities. Perhaps the threat is more overrated than it actually is.
The NotGuru blog has posted some videos that show exactly how clickjacking works and how to install fixes.
