Presentation is loading. Please wait.

Presentation is loading. Please wait.

Adapted from  2004 Prentice Hall, Inc. All rights reserved. Clickjacking.

Published byJasmin Sims Modified over 8 years ago

Similar presentations

Presentation on theme: "Adapted from  2004 Prentice Hall, Inc. All rights reserved. Clickjacking."— Presentation transcript:

1 Adapted from  2004 Prentice Hall, Inc. All rights reserved. Clickjacking

2 Adapted from  2004 Prentice Hall, Inc. All rights reserved.

3 Imagine an attacker who builds a web site that has a button on it that says “click here for a free iPod”. However, on top of that web page, the attacker has loaded an with your mail account, and lined up exactly the “delete all messages” button directly on top of the “free iPod” button. The victim tries to click on the “free iPod” button but instead actually clicked on the invisible “delete all messages” button. In essence, the attacker has “hijacked” the user’s click, hence the name “Clickjacking”.

4 Adapted from  2004 Prentice Hall, Inc. All rights reserved. The tag specifies an inline frame. An inline frame is used to embed another document within the current HTML document.

5 Adapted from  2004 Prentice Hall, Inc. All rights reserved. Clickjacking http://www.cis.syr.edu/~wedu/education/websec3.html Attackers load a page over another page in a transparent layer. The users think that they are clicking visible buttons, while they are actually performing actions on the hidden/invisible page. The hidden page may be an authentic page; therefore, the attackers can trick users into performing actions which the users never intended. There is no way of tracing such actions to the attackers later, as the users would have been genuinely authenticated on the hidden page.

6 Adapted from  2004 Prentice Hall, Inc. All rights reserved. By loading Adobe Flash plugin settings page into an invisible iframe, an attacker could trick a user into altering the security settings of Flash, giving permission for any Flash animation to utilize the computer's microphone and camera. Twitter worm. This clickjacking attack convinced users to click on a button which caused them to re-tweet the location of the malicious page, and propagated massively. Attackers can trick logged-in Facebook users to arbitrarily like fan pages, links, groups, etc Past Clickjacking attacks

7 Adapted from  2004 Prentice Hall, Inc. All rights reserved. Defense NoScript- Mozilla add-on prevents users from clicking on invisible or "redressed" page elements of embedded documents or applets. Guarded ID- Forces all iframes to become visible Framekiller- web server does NOT allow itself to be framed ie(facebook, gmail, etc)

Download ppt "Adapted from  2004 Prentice Hall, Inc. All rights reserved. Clickjacking."

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
With Microsoft Access 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Access.

With Microsoft Access 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Access.
Clickjacking CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Clickjacking CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug 2013 - scotthel.me.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.
Video, audio, embed, iframe, HTML Form

Video, audio, embed, iframe, HTML Form
New Computer Security Threat - ClickJacking Ehab Ashary CS591-F2010 University of Colorado, Colorado Springs Dr. C.Edward Chow.

New Computer Security Threat - ClickJacking Ehab Ashary CS591-F2010 University of Colorado, Colorado Springs Dr. C.Edward Chow.
Tutorial 7 Working with Multimedia. XP Objectives Explore various multimedia applications on the Web Learn about sound file formats and properties Embed.

Tutorial 7 Working with Multimedia. XP Objectives Explore various multimedia applications on the Web Learn about sound file formats and properties Embed.
Copyright © 2004 ProsoftTraining, All Rights Reserved. Lesson 9: Frames © 2007 Prosoft Learning Corporation All rights reserved ITD 110 Web Page Design.

Copyright © 2004 ProsoftTraining, All Rights Reserved. Lesson 9: Frames © 2007 Prosoft Learning Corporation All rights reserved ITD 110 Web Page Design.
Copyright © 2004 ProsoftTraining, All Rights Reserved. Lesson 9: HTML Frames.

Copyright © 2004 ProsoftTraining, All Rights Reserved. Lesson 9: HTML Frames.
HTML Lesson 5 TBE 540. Prerequisites The user must be able to… –Create basic web pages with a text editor and/or a web page editor.

HTML Lesson 5 TBE 540. Prerequisites The user must be able to… –Create basic web pages with a text editor and/or a web page editor.
WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.

WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
 What I hate about you things people often do that hurt their Web site’s chances with search engines.

 What I hate about you things people often do that hurt their Web site’s chances with search engines.
Audio and Video on the Web Sec 5-12 Part or all of this lesson was adapted from the University of Washington’s “Web Design & Development I” Course materials.

Audio and Video on the Web Sec 5-12 Part or all of this lesson was adapted from the University of Washington’s “Web Design & Development I” Course materials.
© 2008 The McGraw-Hill Companies, Inc. All rights reserved. M I C R O S O F T ® Preparing for Electronic Distribution Lesson 14.

© 2008 The McGraw-Hill Companies, Inc. All rights reserved. M I C R O S O F T ® Preparing for Electronic Distribution Lesson 14.
CpSc 462/662: Database Management Systems (DBMS) (TEXNH Approach) HTML Basics James Wang.

CpSc 462/662: Database Management Systems (DBMS) (TEXNH Approach) HTML Basics James Wang.
WEB SECURITY WEEK 3 Computer Security Group University of Texas at Dallas.

WEB SECURITY WEEK 3 Computer Security Group University of Texas at Dallas.
 2004 Prentice Hall, Inc. All rights reserved. Chapter 13 - Dynamic HTML: Object Model and Collections Outline 13.1 Introduction 13.2 Object Referencing.

 2004 Prentice Hall, Inc. All rights reserved. Chapter 13 - Dynamic HTML: Object Model and Collections Outline 13.1 Introduction 13.2 Object Referencing.
CSCI N241: Fundamentals of Web Design Copyright ©2004  Department of Computer & Information Science Adding Sound.

CSCI N241: Fundamentals of Web Design Copyright ©2004  Department of Computer & Information Science Adding Sound.

Similar presentations

Ads by Google