Posted tagged ‘ie redressing’

IE Only Offers Some Clickjacking Protection

September 23, 2011

It’s a given that you want to keep yourself safe from clickjacking scams. They’ve been known to cause all kinds of trouble. Not only do they post potentially embarrassing information to your social networking profile, but they can install viruses on your computer that will steal personal information that lets hackers commit identity theft.

You’d expect all Internet browsers to take this threat pretty seriously. After all, who would want to use a browser that exposes you to such a threat?

Unfortunately, though, some browsers are better than others at protecting you from clickjacking threats.

IE 8, for instance, looks for a tag that website designers use to prevent content from loading in frames. By getting rid of the frames, you solve a large part of the clickjacking problem. IE 8, however, relies on the website, not the user. That’s not very helpful for most people. If individual users had the option to say “don’t use any frames,” then they could rely on near-universal protection. When you leave it up to website developers, though, you’ve only offered help for those that don’t need it. If a website chooses to use the no frames tag, then they’re obviously not trying to clickjack visitors. That leaves things wide open for clickjackers that create sites specifically to attract victims.

This is the kind of protection that could actually cause more harm than good.

If nothing else, Internet Explorer should alert users when they have reached a page that does not protect them. Then the user can decide whether he or she wants to proceed. It would also encourage more web designers to include the tags when they build new sites.