In 2002, it was noted that it was possible to load a transparent layer over a web page and have the user's input affect the transparent layer without the user noticing. However, this was mainly ignored as a major issue until 2008.

In 2008, Jeremiah Grossman and Robert Hansen discovered that Adobe Flash Player could be clickjacked, allowing an attacker to gain access to the computer without the user's knowledge. The term "clickjacking" was coined by Jeremiah Grossman and Robert Hansen, a portmanteau of the words "click" and "hijacking."

As more attacks of a similar nature were discovered, the focus of the term "UI redressing" was changed to describe the category of these attacks, rather than just clickjacking itself.

One form of clickjacking takes advantage of vulnerabilities that are present in applications or web pages to allow the attacker to manipulate the user's computer for their own advantage.

For example, a clickjacked page tricks a user into performing undesired actions by clicking on concealed links. On a clickjacked page, the attackers load another page over the original page in a transparent layer to trick the user into taking actions, the outcomes of which will not be the same as the user expects. The unsuspecting users think that they are clicking visible buttons, while they are actually performing actions on the invisible page, clicking buttons of the page below the layer. The hidden page may be an authentic page; therefore, the attackers can trick users into performing actions which the users never intended. There is no way of tracing such actions to the attackers later, as the users would have been genuinely authenticated on the hidden page.

Types of clickjacking:

- Classic: works mostly through a web browser.
- Likejacking: utilizes Facebook's social media capabilities.
- Nested: clickjacking tailored to affect Google+.