Server-side Clickjack Protection

If you’ve been worrying about clickjacking attacks on the websites you visit often, you might be surprised to learn that site’s have the ability to impede these attacks. The fact of the matter is some websites just don’t focus that much on security strategies that would really keep their visitors safe. That isn’t to say that website administrators and developers could prevent all clickjacking attacks, but they could certainly make it harder for hackers to ruin your day.

Quite frankly, social networking sites (especially Facebook) are some of the worst offenders. To some extent, that’s understandable. Consider, for instance, how many people visit Facebook every day. That makes the site a target for clickjackers that want to reach a large audience quickly. Plus, Facebook wants to make it easy for people to share information  with each other. Any kind of block could negatively affect service.

When it comes down to it, though, more websites could use server-side clickjacking protection. It’s actually pretty easy.

The most common technique is called a framekiller. It’s a piece of JavaScript that prevents a site from loading frames from different sources. Unfortunately, it’s not always reliable. It’s especially easy for fairly advanced hacking techniques to trick Internet Explorer into loading the clickjacked link as asked.

Should websites have more responsibility when it comes to protecting visitors. That depends. A site like Facebook should definitely lead the security development to stop clickjacking. They’re big enough and have enough resources to take on the  problem. Plus, it’s in their best interest to offer more safety to their members. Since Facebook doesn’t have a true competitor, though, the company might not feel too motivated in this area.

Advertisements
Explore posts in the same categories: Uncategorized

Tags: , , , , ,

You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: