Inside money, markets, and Big Tech

This article was published on October 8, 2008


    Like online games? Beware of ClickJacking

    Like online games? Beware of ClickJacking
    Ernst-Jan Pfauth
    Story by

    Ernst-Jan Pfauth

    Ernst-Jan Pfauth is the former Editor in Chief of Internet at NRC Handelsblad, as well as an acclaimed technology author and columnist. He a Ernst-Jan Pfauth is the former Editor in Chief of Internet at NRC Handelsblad, as well as an acclaimed technology author and columnist. He also served as The Next Web’s blog’s first blogger and Editor in Chief, back in 2008. At De Correspondent, Ernst-Jan serves as publisher, fostering the expansion of the platform.

    Most web-based games might appear innocent, but a blogger from GUYA.NET proves that they can function as a way for the web’s bad guys to take over your webcam. When this blogger first heard about this phenomenon clickjacking, he tried to develop a game that could do the same thing. He discovered that the Achilles heel of Flash was the Flash Player Setting Manager. Nice piece of citizen journalism.

    By creating some sort of overlay in a Javascript Game, users just think they’re trying to click a button as fast as possible. What they really do, is granting some voyeur access to their web cam. Check it out:

    [youtube:http://www.youtube.com/watch?v=gxyLbpldmuU]

    Kudos for Adobe, who fixed this problem by “framebusting the Setting Manager pages“. Supposedly, 99.9% of the users are protected from spies, pervs, or whatnot. The issue still exists for Java, SilverLight, DHTML games and applications though. For details on this I gladly refer to ha.ckers.org.