Clickjack attack

What is a clickjack attack?
A clickjack attack is a malicious technique used by an attacker to record the infected user's clicks on the Internet. This can be used to direct traffic to a specific site or to get a user to enable or accept a Facebook application. A more nefarious purpose could be to collect sensitive information stored in a browser, such as passwords, or to install malicious content. This type of attack is also known as clickjacking or UI redressing.

Typically, clickjack exploitation is performed by placing a hidden link over a valid button. However, usage can also include:

Get users to activate their microphones and webcams through Flash

Fool users into making their social media profile details public

Make infected users unknowingly follow someone on Twitter

A clickjack attack can be implemented using IFRAMEs. These are HTML elements that display content from other locations, such as other websites. Clickjack attackers can embed an IFRAME on any website and overlay the invisible IFRAME over a legitimate button. When the user clicks the legitimate button, they are actually clicking the attacker's hidden button or link.

What makes this a very powerful form of attack is that it is actually done within the limits of the HTML specification, which means the website is working as expected. The attackers simply use this functionality for malicious purposes. The World Wide Web Consortium (W3C) is trying to define a new standard that will allow websites to prevent outside interference.

Site administrators may not know that something is wrong until complaints from users come in. It's hard to tell that an attack has occurred as everything on the site looks the same and the clickjack element has been thoroughly disguised as harmless.

The NoScript add-on for Mozilla, the Gazelle web browser, and the Framekiller JavaScript snippet are some measures that can be used to protect against a clickjack attack.
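A sketch of the Framekiller approach named above, as an added example that is not part of the original page: the page ships hidden and is only revealed when it is the top-level document, so it stays invisible if it has been loaded into someone else's IFRAME. The element id `antiClickjack` and the returned status strings are assumptions made for this example.

```javascript
// Added example (not from the original page): a defensive "framekiller".
// Assumption: the protected page includes, in its <head>,
//   <style id="antiClickjack">body { display: none !important; }</style>
// so the content is hidden by default and revealed only by this script.

// True when this document is rendered inside another document's frame.
function isFramed(win) {
  return win.top !== win.self;
}

// Reveal the page when it is top-level; otherwise try to replace the
// framing page with this page. The function takes a window-like object
// so the logic can also be exercised outside a browser.
function framekiller(win) {
  if (!isFramed(win)) {
    // Not framed: remove the guard style so the body becomes visible.
    const guard = win.document.getElementById("antiClickjack");
    if (guard) guard.parentNode.removeChild(guard);
    return "revealed";
  }
  try {
    // Framed: navigate the top-level window to this page's own URL.
    win.top.location = win.self.location.href;
    return "busted";
  } catch (e) {
    // The framing page blocked top navigation (for example with a
    // sandboxed IFRAME). The guard style was never removed, so the
    // page stays hidden and there is nothing visible to overlay.
    return "hidden";
  }
}

// Run automatically when loaded in a browser.
if (typeof window !== "undefined") framekiller(window);
```

Because the guard style is only removed on the top-level path, a failed or blocked frame-bust leaves the content hidden rather than clickable.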
