You are here: Home » News » Like online games? Beware of ClickJacking

Like online games? Beware of ClickJacking

Written on 8th October 2008 2 COMMENTS
Ernst-Jan Pfauth, editor in chief

Most web-based games might appear innocent, but a blogger from GUYA.NET proves that they can function as a way for the web’s bad guys to take over your webcam. When this blogger first heard about this phenomenon clickjacking, he tried to develop a game that could do the same thing. He discovered that the Achilles heel of Flash was the Flash Player Setting Manager. Nice piece of citizen journalism.

By creating some sort of overlay in a Javascript Game, users just think they’re trying to click a button as fast as possible. What they really do, is granting some voyeur access to their web cam. Check it out:

Kudos for Adobe, who fixed this problem by “framebusting the Setting Manager pages“. Supposedly, 99.9% of the users are protected from spies, pervs, or whatnot. The issue still exists for Java, SilverLight, DHTML games and applications though. For details on this I gladly refer to ha.ckers.org.

2 Comments »

About the author: Ernst-Jan is blogger and co-organizer of BLOG08, who previously worked in New York to cover news at the United Nations. Next to writing, he's also a singer in the band Christina Five. Follow him on Twitter or read his personal blog Dutchproblogger.com .

2 comments to “Like online games? Beware of ClickJacking”

By Wouter on Oct 8, 2008

More info and a status overview of what is and isn’t fixed can be found here: http://ha.ckers.org/blog/20081.....g-details/

Reply
By Free Games on Oct 10, 2008

We have launched a game website like your but this is free of cost.Play and enjoy!

Reply

Add your button here too.
Only €99 a week (100.000+ pageviews = less than € 1 CPM!)
Upload your button now.

Popular Posts
Recent Comments
- Discussions
  - Tali Bargains: Hey thanks for Tweepz. It is...
  - Play Evony: I just started playing this new...
  - Khürt Williams: A bed is for sleeping or making...
  - Khürt Williams: Would I trust Google and...
  - Samolo: MJ est un montres sacré ! Tant au...
  - John Robinson: I totally agree that the problem...
TNW on Twitter
- - Tom Getchius: RT @TheNextWeb: Would you trust Google and Microsoft with your health records? - http://ri.ms/ha55
  - common style: RT @thenextweb To cross-post or not to cross-post... http://tnw.to/Wc
  - Yendil: I captured @TheNextWeb! Smack friends! http://snods.com/ #SNODS
  - Doug McIsaac: RT @thenextweb 3 apps to check username availability across all sites at once http://tnw.to/WW
  - Adam McDaniel: RT @TheNextWeb: Would you trust Google and Microsoft with your health records? - http://ri.ms/ha55

Recent Visitors:

Events

We're live blogging it

A Gathering for Developers
Partners

The Next Web Conference

The Next Web Blog is closely associated with The Next Web Conference which is held annually in Amsterdam, The Netherlands. At this event speakers from all over the world come together to talk about, and show off, the future of the Web. (More info 2009.thenextweb.com)

Make it official

We love you, dear reader, and hope you love us too. Make it official by adding us to one of these services:

More information

Home
About
Advertise
Contact
Team
Archives

The Next Web