Aug 13, 2012

How can I stop clickjacking attacks?

One of the people at my office apparently clicked a "Like" button on a website, and next thing I know, our customers on Facebook are complaining about the porn link we "liked" after they followed our apparent recommendation. Welcome to the clickjacking party. Is there a way to prevent clickjacking from happening, short of barring people from going online at work?

There are a couple of things that you can do that are really easy and will greatly decrease the risk while people are browsing. I install the NoScript plug-in on all the browsers at my office. We currently use Firefox, but I'm sure there is either a version of it for Chrome or a similar plug-in. The most effective thing that you can do, in my opinion, is disable Flash. If that generates too many complaints, at least make certain the most current version of Flash is installed and change the global security settings to "always deny" or at least "always ask". There is also a setting in there to deny access to your machine's cam and mic.
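The answers above cover what a user can do in the browser. The other half of the problem is on the site being framed: a clickjacking overlay only works if the target page lets itself be loaded in an iframe by another origin. The following is an added example, not code from the original thread or from any of the tools mentioned in it. It reads a set of HTTP response headers and reports whether the page could be framed by a third party, using the standard `X-Frame-Options` header and the `Content-Security-Policy` `frame-ancestors` directive (neither of which the thread itself mentions). The helper names, the report labels and the sample header sets are constructed for this example; an operator would feed it the headers of their own site's responses.

```python
# Added example (not from the original thread): decide from a site's HTTP
# response headers whether its pages can be placed in an <iframe> by another
# origin, which is the precondition for a classic clickjacking overlay.
# Header names and directive values are the standard X-Frame-Options and
# Content-Security-Policy frame-ancestors mechanisms; helper names, report
# labels and sample header sets are constructed for this example.


def _get_header(headers, name):
    """Case-insensitive lookup of a single header value (None if absent)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def _frame_ancestors(csp):
    """Return the source list of the frame-ancestors directive in a CSP
    string, or None if the directive is not present."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def _source_matches(source, embedder, page):
    """Does one frame-ancestors source permit `embedder` to frame `page`?"""
    if source == "*":
        return True
    if source == "self":
        return embedder == page
    if source == "none":
        return False
    if source.endswith(":"):            # scheme-source, e.g. "https:"
        return embedder.startswith(source + "//")
    return source == embedder           # host-source compared as an origin


def frameable_by(headers, embedder, page):
    """True if a page served with `headers` at origin `page` could be framed
    by a document at origin `embedder`. Origins are 'scheme://host[:port]'."""
    embedder, page = embedder.lower(), page.lower()
    csp = _get_header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            # A browser that understands frame-ancestors ignores
            # X-Frame-Options, so the CSP directive decides on its own.
            return any(_source_matches(s, embedder, page) for s in sources)
    xfo = _get_header(headers, "X-Frame-Options")
    if xfo is not None:
        value = xfo.upper()
        if value == "DENY":
            return False
        if value == "SAMEORIGIN":
            return embedder == page
        if value.startswith("ALLOW-FROM "):
            return value.split(None, 1)[1].lower().rstrip("/") == embedder
        # Any other value is invalid; browsers ignore it and allow framing.
    return True


def framing_report(headers, page):
    """Summarise the framing policy as 'open' (any site may frame the page),
    'restricted' (same origin may, a constructed third party may not) or
    'blocked' (not even the site itself may frame it)."""
    third_party = "https://other-site.invalid"  # constructed outside origin
    if frameable_by(headers, third_party, page):
        return "open"
    if frameable_by(headers, page, page):
        return "restricted"
    return "blocked"


# Constructed header sets standing in for real responses from a site.
SAMPLE_RESPONSES = {
    "no policy": {"Content-Type": "text/html"},
    "xfo deny": {"x-frame-options": "DENY"},
    "xfo sameorigin": {"X-Frame-Options": "sameorigin"},
    "csp none": {"Content-Security-Policy":
                 "default-src 'self'; frame-ancestors 'none'"},
    "csp self plus partner": {"Content-Security-Policy":
                              "frame-ancestors 'self' https://partner.example"},
    "conflicting": {"X-Frame-Options": "DENY",
                    "Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for label, headers in SAMPLE_RESPONSES.items():
        print(f"{label:24s} -> {framing_report(headers, 'https://shop.example')}")
```

The "conflicting" sample is the case worth watching for: a permissive `frame-ancestors` silently overrides a restrictive `X-Frame-Options` in browsers that support CSP, so an audit that only looks for `X-Frame-Options: DENY` would report that site as safe.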

Hi SilverHawk,

See this article about clickjacking; it includes a section on "likejacking" that you might find helpful.

"Likejacking is a malicious technique of tricking users of a website into posting a Facebook status update for a site they did not intentionally mean to "like".[10] The term "likejacking" came from a comment posted by Corey Ballou[11] in the article How to "Like" Anything on the Web (Safely), which is one of the first documented postings explaining the possibility of malicious activity regarding Facebook's "like" button.[12]

According to an article in IEEE Spectrum, a solution to likejacking was developed at one of Facebook's hackathons.[13] A "Like" bookmarklet is available that avoids the possibility of likejacking present in the Facebook Like Button.[14]"