Oct 08 2008
Stop reading this and go update your NoScript plugin to get the latest version with ClearClick enabled! And if you’re not already using Firefox with NoScript, there’s nothing I can do to help you.
Seriously, with all the talk about clickjacking over the last couple of weeks and proof of concept code being released yesterday, you do need to do something to protect yourself. One option is to follow Adobe’s suggestions for disabling the camera and microphone by default, but that’s only a stop-gap measure and only addresses a small part of the issue. NoScript in Firefox offers protection from clickjacking along with a host of other script-related issues. If you’re a security professional and you’re not already using this combo, I’m curious as to why. Really.
Clickjacking isn’t the end of the world, but it does add a new, set of vulnerabilities and concerns that the average user can’t be bothered to understand. It won’t open the Internet to the Apocolypse, but it will give the bad guys one more weapon to use in the malware wars. And one more thing we have to make sure to protect against. <big sigh>