Itc2009 Click Jacking

Published in: Technology

  1. NEA-SEA ITC 2009 Click Jacking March 2009 ITC Jay Hall
  2. What is Click Jacking?
       • A method used by an attacker to hide a button, or link, on a legitimate page, using other web content to mask the page's context.
       • Using well-placed graphics, the attacker may be able to persuade a victim to click where the attacker wants on the page.
       • This is also known as:
           • User-Interface (UI) redress and iFrame overlay.
       • Click Jacking is not dependent on Java.
  3. Preventing Click Jacking
       • Website Owners
           • Add JavaScript frame-busting code to the website to ensure none of the web pages can be framed by a malicious third party.
           • Important action buttons on the website should require JavaScript to execute.
               • This helps counter certain browser features that negate the frame-busting solution.
           • Sensitive actions should be validated using an out-of-band communication channel.
               • Email or SMS.
  4. Preventing Click Jacking
       • Users
           • Make sure you log out of the website when you are done conducting business.
           • Install the NoScript Firefox plugin.
           • Disable all plugins.
  5. Questions?
  6. The End
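The website-owner measures from slide 3 (frame-busting code, plus action buttons that only work when JavaScript runs) can be combined in one script. This is an added example, not code from the presentation; it assumes the page ships with the root element hidden and with sensitive buttons marked `disabled`, and the `data-sensitive-action` attribute name is hypothetical.

```javascript
// Added example (not from the slides). Assumed markup:
//   <html style="display:none"> ... 
//   <button data-sensitive-action disabled>Transfer</button>
// If a framing page suppresses scripts, the page stays hidden and the
// buttons stay disabled, so there is nothing useful to overlay.

// True when this window is not the top-level browsing context.
function isFramed(win) {
  return win.self !== win.top;
}

// Call with the browser's `window`. Returns true when the page was
// revealed and its sensitive buttons were enabled.
function guardAgainstFraming(win) {
  const root = win.document.documentElement;
  if (isFramed(win)) {
    root.style.display = "none"; // keep content hidden while framed
    try {
      // Frame busting: replace the framing page with this page.
      win.top.location = win.self.location.href;
    } catch (e) {
      // Navigation refused (for example a sandboxed frame): stay hidden.
    }
    return false;
  }
  // Top-level window: reveal the page, then enable the action buttons.
  root.style.display = "";
  for (const b of win.document.querySelectorAll("[data-sensitive-action]")) {
    b.disabled = false;
  }
  return true;
}

// Run automatically in a browser; outside one (e.g. Node) only the
// functions are defined.
if (typeof window !== "undefined") {
  guardAgainstFraming(window);
}
```

Current browsers also enforce framing restrictions declared by the server in the `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` response headers, which do not depend on script running in the framed page.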