Clickjacking Chrome and Firefox
Author JoeDigital
If you are a user of either the Chrome or Firefox browsers, or even SeaMonkey, another Mozilla browser, you have probably experienced clickjacking and didn’t know what had happened. We didn’t know what it was called either, until we stumbled across an article a couple of days ago, and things began to (literally) click into place.
In our experience, the clickjack episode almost always begins with a Google search: when a link on the results page is clicked, something different happens. Instead of loading the domain name we clicked, a completely different web page pops up, usually a directory page using the same set of keywords as a search term.
What happens is relatively simple, and at the same time very difficult to prevent. A would-be hijacker monitors traffic to a particular IP address (Google), and traces a connection back to the sending party (the user) by following the return packet (search results). Now, when that person clicks a link on the search results page, the malicious party kidnaps the request and returns a completely different URL/IP address to the browser, which was expecting a response and thinks that everything is going as planned.
What is important to note is that our experience has been rather benign, but the possibility of clickjacking for mischief is very large. Your browser can be tricked into sending cookies, or making other responses to a website, and there’s nothing you can do to stop it. You could unwittingly be giving up personal information by doing something as simple and trusted as performing a web-based search.
The good news is that this flaw seems to be prevalent in the Open Source browsers, but does not seem to have much effect on proprietary browsers, such as IE7 or Safari. Google and Mozilla have both already announced that the problem is under consideration and will be eliminated in future releases. Google 2 is expected to be released into public beta sometime in the next few months, and Firefox has a new version due in a similar timeframe.
January 30, 2009