Clickjacking is a fiendishly clever way to hijack your website. This hacking technique overlays a legitimate web page with an invisible hacked web page. When you click a button, you unknowingly click the button on the invisible overlaid page.
The most famous example of this hack was the “Don’t click me” exploit of Twitter. Suddenly, Twitter was full of messages pointing to a website with a button that read “Don’t click me”. For a more detailed explanation, see Daniel Sandler’s blog article Twitter’s “Don’t Click” prank, explained.
To mitigate this problem, web pages should contain a framekiller script that prevents them from being framed invisibly. However, this script can still be bypassed on older browsers. If you are an Internet Explorer user, you should upgrade to Internet Explorer 8, which contains enhanced security features that directly address this problem. Firefox users should install the NoScript Firefox add-on to protect themselves against clickjacking attacks.
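The framekiller recommended above, as an added example that is not code from the original post: it is written "fail-closed", so the page starts hidden and is only revealed once the script has confirmed it is the top-level window, which leaves an attacker who manages to suppress the script with a blank frame instead of clickable controls. The `win` and `doc` parameters are assumed window/document-like objects so the logic can be exercised outside a browser; in a real page you would call `applyFrameKiller(window, document)` from the top of `<head>`.

```javascript
// Added example (not from the original post): a fail-closed framekiller.
// `win` and `doc` stand in for the browser's window and document objects.

// Classify where the document is being displayed.
//   "top"    -> not framed at all
//   "framed" -> inside a frame; a cross-origin parent makes `win.top`
//               throw on access, which is treated the same as being framed.
function framingState(win) {
  try {
    return win.top === win.self ? "top" : "framed";
  } catch (e) {
    return "framed";
  }
}

// Hide everything before any content renders. This must run as early as
// possible, which is why the script belongs at the top of <head>.
function hideDocument(doc) {
  doc.documentElement.style.display = "none";
}

// Returns "shown" when the page is displayed normally, "hidden" otherwise.
function applyFrameKiller(win, doc) {
  hideDocument(doc);
  if (framingState(win) === "top") {
    // Only the unframed, top-level page is ever made visible.
    doc.documentElement.style.display = "block";
    return "shown";
  }
  try {
    // Break out of the frame by navigating the top-level window to ourselves.
    win.top.location = win.self.location;
  } catch (e) {
    // If the navigation is refused, stay hidden rather than become clickable.
  }
  return "hidden";
}
```

Current browsers also honour the `X-Frame-Options` response header (introduced with Internet Explorer 8, the release the post mentions) and the Content Security Policy `frame-ancestors` directive, which refuse framing before any script runs; a script-based framekiller is best treated as a fallback behind those headers.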
James Bell