Posted tagged ‘noscript’

A New Clickjack Protection

September 20, 2011

Clickjacking has been a huge problem because it takes advantage of security problems inherent in the Internet’s basic structure. It’s really difficult to tell whether a link or video is pulling a fast one on you. For a long time, Internet users could rely on NoScript, an app that worked with Firefox. It’s a pretty useful app, but it’s hard to rely on a single source of protection. Plus, the problem with having a single form of protection is that you never create competition that encourages NoScript to improve its service.

Now that competition has started.

Zscaler is a new widget that blocks clickjacked objects from unleashing their attacks on you. Unlike NoScript, which only works with Firefox, Zscaler works with Firefox, Chrome, and Safari.

It’s uncertain whether Zscaler actually works better than NoScript.

Actually, whether it’s better is only part of the point.What’s really important is that NoScript now has some competition. It also means that Internet users now have two options to protect them from clickjackers.

There’s just one potential problem with this. The more tools we have to protect ourselves, the more open we are to social manipulation. We begin to think that the apps and widgets will protect us no matter what. But they won’t. Clickjackers are always one step away from figuring out how to bypass even the latest security. That means each person has to pay attention to what actions they take online.Even with all the security tools, it’s still up to you to make smart, informed decision when you’re online.



Let me clue you in

September 28, 2010

Let me clue you in on something.

There’s no guarantee that you’re going to avoid clickjacking attacked… unless you never ever click on a link. Just avoid the whole internet. That should keep you safe.

Even if you are using Firefox or some other security-enhanced Web browser in conjunction with NoScript, you could still fall victim to a clickjacking plot. You can only protect yourself to a certain extent. Even if you keep your wits about you, there’s a good chance that¬† you’re going to get clickjacked at some point. All it takes is one mistake, and hackers are very good at encouraging you to make mistakes long before you realize what you have done.

So, you’re at least somewhat screwed here.

That’s why it’s important to use third-party software to make sure that your computer doesn’t have any malware installed on it. In fact, if you really want to play it safe, then you’ll install two pieces of antivirus software and you’ll run them both daily.

Does that sound like a lot? I spend a large chunk of my day online because of work. That means I probably have a larger chance of running into clickjacks and malware than you, unless, of course, you’re a bigger dork than I am. At the same time, knowing a lot about computer security means that I should be able to protect myself from exposure. Even with my level of expertise, though, I frequently find that some piece of malware has slipped through my defenses. I certainly don’t find security risks every time I run my antivirus protection. But I find something fishy at least once a week.

If I’m vulnerable to these attacks, then just imagine your own risk.

Is IE8 protecting you from clickjackers?

May 19, 2010

When Internet Explorer 8 was released, it promised to contain security features that would protect users from clickjacking attacks. It is certainly helpful that Microsoft included some protection from clickjackers in IE8, but many security specialists have learned that the strategies are not completely effective.

In fact, IE8’s clickjack protection relies on the efforts of webmasters to secure their pages with special tags that create errors when clickjacking strategies are used. That means webmasters would not only have to go through the trouble of including tags in every page that they create, but also the millions of pages that already exist on the internet. There is basically no way that that’s going to happen.

Internet users, however, don’t have any foolproof ways to protect themselves. Many security specialists believe that a combination of Firefox and NoScript offers the best protection. Even that dynamic duo has its faults. In fact, every browser is susceptible to some version of clickjacking. If you want absolute safety, then you’d better not use the web at all.

If, however, you are willing to take a slight risk,  then you can use an updated web browser, frequently scan your system for malware, and pay attention to every link that you click. The best defense so far is common sense and skepticism. Using those tools, you can limit the amount of clickjacking strategies that you are exposed to.