Security & Privacy + Software & Apps

The latest version of the NoScript Firefox extension has been released, with special protection against clickjacking. This extension contains ClearClick:

“whenever you click or otherwise interact, through your mouse or your keyboard, with an embedded element which is partially obstructed, transparent or otherwise disguised, NoScript prevents the interaction from completing and reveals you the real thing in “clear”. At that point you can evaluate if the click target was actually the intended one, and decide if keeping it locked or unlock it for free interaction. This comes quite handy now that more dangerous usages of clickjacking are being disclosed, such as enabling your microphone or your webcam behind your back to spy you through the interwebs.”

Apple has as yet offered no similar protection for its Safari browser.

Meanwhile, Macworld reports that there is a way for web sites to protect against clickjacking. “Web site owners, however, can take one step to prevent their users from falling victim,” said Giorgio Maone, an Italian security researcher who created the NoScript extension. “Programmers can use a script on their Web sites that checks to see if a Web page is embedded in another page.” This technique is called “framebusting”, and is used by major web sites such as PayPal.