Adobe has announced, however, that it has fixed the flaw in Flash that allowed clickjackers to activate microphones and webcams.

Before the latest Flash update, clickjackers could have their way with your computer by luring you into a simple trap. Often in the form of a game, the scammers just had to convince you to click an invisible frame on your screen. That would activate Flash’s manager and allow them to take control.

Obviously this is a good thing for anyone concerned about computer security. You kind of have to wonder how many unsavory online photographs were taken without permission. A quick clickjack, a little Photoshop, and boom! You’ve got yourself a male enhancement ad.

Of course, this might bum a few people out. After all, the Internet was obviously designed to collect naked photographs of every person in the world. Now that Adobe has managed to improve its software, how will humanity ever reach such a lofty goal?

You’d expect all Internet browsers to take this threat pretty seriously. After all, who would want to use a browser that exposes you to such a threat?

Unfortunately, though, some browsers are better than others at protecting you from clickjacking threats.

IE 8, for instance, looks for a tag that website designers use to prevent content from loading in frames. By getting rid of the frames, you solve a large part of the clickjacking problem. IE 8, however, relies on the website, not the user. That’s not very helpful for most people. If individual users had the option to say “don’t use any frames,” then they could rely on near-universal protection. When you leave it up to website developers, though, you’ve only offered help for those that don’t need it. If a website chooses to use the no frames tag, then they’re obviously not trying to clickjack visitors. That leaves things wide open for clickjackers that create sites specifically to attract victims.

This is the kind of protection that could actually cause more harm than good.

If nothing else, Internet Explorer should alert users when they have reached a page that does not protect them. Then the user can decide whether he or she wants to proceed. It would also encourage more web designers to include the tags when they build new sites.

Now that competition has started.

Zscaler is a new widget that blocks clickjacked objects from unleashing their attacks on you. Unlike NoScript, which only works with Firefox, Zscaler works with Firefox, Chrome, and Safari.

It’s uncertain whether Zscaler actually works better than NoScript.

Actually, whether it’s better is only part of the point.What’s really important is that NoScript now has some competition. It also means that Internet users now have two options to protect them from clickjackers.

There’s just one potential problem with this. The more tools we have to protect ourselves, the more open we are to social manipulation. We begin to think that the apps and widgets will protect us no matter what. But they won’t. Clickjackers are always one step away from figuring out how to bypass even the latest security. That means each person has to pay attention to what actions they take online.Even with all the security tools, it’s still up to you to make smart, informed decision when you’re online.

Quite frankly, social networking sites (especially Facebook) are some of the worst offenders. To some extent, that’s understandable. Consider, for instance, how many people visit Facebook every day. That makes the site a target for clickjackers that want to reach a large audience quickly. Plus, Facebook wants to make it easy for people to share information  with each other. Any kind of block could negatively affect service.

When it comes down to it, though, more websites could use server-side clickjacking protection. It’s actually pretty easy.

The most common technique is called a framekiller. It’s a piece of JavaScript that prevents a site from loading frames from different sources. Unfortunately, it’s not always reliable. It’s especially easy for fairly advanced hacking techniques to trick Internet Explorer into loading the clickjacked link as asked.

Should websites have more responsibility when it comes to protecting visitors. That depends. A site like Facebook should definitely lead the security development to stop clickjacking. They’re big enough and have enough resources to take on the  problem. Plus, it’s in their best interest to offer more safety to their members. Since Facebook doesn’t have a true competitor, though, the company might not feel too motivated in this area.

That’s kind of scary, especially considering that some of the clickjacked videos can steal personal information from your computer that allows hackers to steal your identity.

What’s even more scary is that research now shows that 15 percent of videos on Facebook are clickjackers. That’s right. 15 percent. That means that for every ten videos you see, more than one of them has been clickjacked. Click on ten random videos and you’re going to get clickjacked at least once.

Let’s face it, Facebook hasn’t done much to stop this kind of behavior. They pretty much let anyone post anything without discretion (unless its porn, I guess. They have a thing against porn).

Yet again, that means you need to protect yourself by avoiding shady videos. If you see a video that doesn’t look like your friend actually posted it,then don’t click it. If your uncle who’s totally into football posts a video about lady gaga, then you can feel pretty certain that it’s a clickjack. There’s just something not right with it, so stay away.

Recently, the moral fiber of Facebook users was tested by a post that reads

Man in wheelchair falls down the elevator shaft *SHOCKING VIDEO*
[LINK deleted]
This Video is really shocking. a man in a wheelchair is falling down the elevator shaft.

If you followed the link, then you found a fake Facebook page with what looked like an embedded video. Sorry, you’re not going to get to watch the gruesome video. In fact, such a video probably doesn’t even exist.

What you get, instead, is a clickjack. A lot of people have commented (and I kind of agree) that anyone who fell for this horrible scam got what they deserved.

If you use Firefox with the NoScript application, then you got a warning about the UI redressing attempt, as clickjacking is technically called. If you don’t use this security app, though, you were prompted to take an online survey. After taking the survey, you didn’t even get to watch the video. How lame is that?

Many clickjackeres use online surveys to earn money. By tricking people into visiting survey websites, they know that a small number will actually answer the questions. For each person that fills out the survey, the clickjackers earn a small amount of money that quickly adds up.

So, you know that there are some risks. If you’re smart, then you try to avoid suspicious videos and links. You might even use a widget or app that helps you detect potentially clickjacked sites.

But you’re just one person. Most of the time, you can protect yourself, but you know that things slip through every now and then. Chances are that you don’t even know when it happens. You just go about your day without knowing anything about it at all.

It’s a different story, though, when you are a business. Businesses have to worry about hundreds or thousands of employees clicking objects on the Internet. That means they are at a higher risk of contamination. It’s no wonder that so many businesses focus on security strategies that involve keeping a close eye on every employee.

You have to worry about things like identity theft. Businesses, however, have to worry about viruses stealing information from their clients. A business’s network often contains the credit card information and addresses of thousands of clients, not to mention the information that they use to confirm your identity when customers contact them.

This is a big concern for businesses, and that probably includes your employer. If your work doesn’t let you browse the Internet freely, there’s probably a good reason for that.

Not surprisingly, the big reward for clickjackers is money.

Symantec Security Response did some research showing that clickjackers can earn as much as $40,000. That’s a lot of money for such a small amount of work.

There are, of course, various ways that clickjackers can make money.

One of the most popular ways is to trick Internet users into filling out online surveys. Survey companies are often willing to pay websites for sending information their way. Each survey doesn’t earn much money at all. A successful clickjacking campaign, however, could potential trick thousands of people into filling out surveys. The money from those surveys adds up quickly, allowing the clickjacker to earn a good income.

Other clickjacking attacks focus on stealing information from Internet users. These attacks typically install spyware on your computer that allows a hacker to gather information about your activities. That makes it possible for the hacker to access your email account to send out spam. Like online surveys, each piece of spam earns a small amount of money that quickly adds up.

Hackers can also used clickjacked links to install spyware that will capture your personal information. This can allow the hacker to steal your identity, open a credit card in your name, or access your bank accounts.

Not long after the crash was reported, a Facebook message started circulating that promised to show video of the accident. Regardless of how compassionate most people are (thousands joined a Facebook group showing support for the pilot’s family), they also have a tendency to stare at car crashes and watch movies like Jackass, where people get hurt in supposedly hilarious ways. They just can’t not look at something spectacular, even when the event was tragic.

Clicking on the video link, however, doesn’t take you to a YouTube video. Clicking on the link does, however, share the message with all of your Facebook pals.

In the typical way, this clickjack gets spread quickly through the Internet. Even if only two people click on the message posted by your account, and then two people click on the messages posted by them, and so on, you quickly get thousands of people falling for the scam. The numbers increase exponentially, so they really get moving once you hit the triple digits.

It’s stunningly heartless for someone to use this tragic event to earn money. I’m sure that some people, however, think that the clickjack victims have gotten what they deserve. They should have followed the message in the first place. I think that’s a bit too harsh. Following the message might mean that you’re gullible, but it doesn’t mean that you are a bad person. At least not any worse than the thousands of other people who wanted to see the crash that they had heard so much about.

Anything, including fall for a Facebook clickjacking scam.

This specific clickjacking scam spreads through Facebook posts. To win the free tickets, you have to complete a survey. Finish that survey, however, and you’re taken to another one. You might think that you’ll eventually reach those tickets, but you never will. It’s a ceaseless journey that only ends when you get frustrated enough to quit.

By that time, though, it’s probably too late for your friends. That’s because you have shared information about the free tickets with everyone you’re connected to on Facebook. What? You don’t remember that post? That’s because the clickjack did it for you. Now all of your friends can fall victim to the hoax.

To make matters even worse, this scam focuses on young people who, as we all known, don’t always exercise the best judgment when exploring the net. Even parents that keep a close eye on their kids’ Internet usage might not spot this problem. It’s one thing for your kid to access a pornographic or disturbing website from the living room, but it’s quite another to fill out a simple survey. Few parents would even know to wonder whether it could have harmful effects.

Kids might think that they know more about the Internet than their parents. And maybe they do. But they don’t know more than their parents about the ways that scam artists prey on kids. That’s why parents have to make sure their kids know how to stay safe online.