Posted tagged ‘protection’

IE Only Offers Some Clickjacking Protection

September 23, 2011

It’s a given that you want to keep yourself safe from clickjacking scams. They’ve been known to cause all kinds of trouble. Not only do they post potentially embarrassing information to your social networking profile, but they can install viruses on your computer that will steal personal information that lets hackers commit identity theft.

You’d expect all Internet browsers to take this threat pretty seriously. After all, who would want to use a browser that exposes you to such a threat?

Unfortunately, though, some browsers are better than others at protecting you from clickjacking threats.

IE 8, for instance, looks for a tag that website designers use to prevent content from loading in frames. By getting rid of the frames, you solve a large part of the clickjacking problem. IE 8, however, relies on the website, not the user. That’s not very helpful for most people. If individual users had the option to say “don’t use any frames,” then they could rely on near-universal protection. When you leave it up to website developers, though, you’ve only offered help for those that don’t need it. If a website chooses to use the no frames tag, then they’re obviously not trying to clickjack visitors. That leaves things wide open for clickjackers that create sites specifically to attract victims.

This is the kind of protection that could actually cause more harm than good.

If nothing else, Internet Explorer should alert users when they have reached a page that does not protect them. Then the user can decide whether he or she wants to proceed. It would also encourage more web designers to include the tags when they build new sites.

Advertisements

Should We Expect More Protection From Clickjacking?

June 5, 2011

Clickjacking is a problem. There’s no getting around that. If you use the Internet, then you are a potential victim. It’s really that simple.

So, should we expect more protection from clickjacking? Should we expect individual websites to find new security measures that will prevent clickjackers from spreading their scams (I’m looking right at you Facebook and Twitter)?

To some extent, I think that we can expect these companies to assume some responsibility. After all, these companies have made billions of dollars from their clients. They should invest some of that money into research and development that helps them keep the clients safe.

At the same time, we can’t expect Facebook, Twitter, or any other big website to protect us from every threat on the Internet. Many of the clickjacks that people get through Facebook actually come from outside sources. Could Facebook do a better job of warning people when they are leaving the site? Absolutely. Could they do a better job of educating users so that they know more about the threats of clickjacking? I’d say so.

But they aren’t responsible for what happens to you on http://www.sometinysite.com.

That means you have to accept some responsibility on your own.

If you can’t prevent clickjacks from happening, then you can at least stop malware from infiltrating your computer as a result of clickjacked links. Get some good security software for your computer, and don’t be afraid to spend a few bucks on the highest level of protection. It’s the money that encourages software companies to design stronger products. If you only rely on freeware, then you are going to get burned at some point.

That’s just a fact of participating in a virtual world.