Posted 05 July 2011 - 11:06 PM
My understanding of clickjacking is that there are elements - like send buttons - that you don't see under a layer of a web page that you do see - or the other way around. Wikipedia describes it as loading a page in a transparent layer over another page. So you think you are clicking one thing and actually you're clicking another. I can't figure out how one can be tricked into revealing confidential info from the descriptions I've read. That was my concern at the Wacom web site - did the alert mean Wacom's registration page had been compromised and if I typed in my email & name & address it would go somewhere other than just Wacom? I know reputable sites get hacked but I don't know if reputable sites can have a clickjacking page loaded over their legitimate page.
Wacom's tech just said their web page was secure - that the alert must have been a false positive.
From what I'd read before, I thought clickjacking happened when you followed a bad link to an evil web page. How exactly invisible buttons stole info or took over your computer had something to do w/ browser/OS services/programs/permissions interactions, flash, & a confused deputy. I.e., I had no idea. Then I read something that made me wonder if clickjacking could be added to a legitimate web page.
If I get another clickjack warning I'd like to be able to figure out if it's likely real or likely not.
mac 10.6 on macbook pro
WinXP sp2 on Dell 380 w/ 512 MB RAM- currently dead in the water
WinXP tab ed sp 3 on Thinkpad X41 w/ 1.5 GB RAM - lemony flavored
Win2K Sp4 on Sony VAIO GXR600 w/ 512 MB RAM - currently blue screening
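
Added example, not part of the original post: the transparent-layer overlay described above depends on the legitimate page being loadable inside a frame on another site, so a page's response headers show whether browsers would permit that. The function names, verdict labels and sample headers are constructed for illustration, and the code assumes a single Content-Security-Policy header per response.

```javascript
// Added example (not from the original post). Given a page's HTTP response
// headers, report whether browsers would let another site load it in a frame.

// Return the frame-ancestors source list from a CSP string, or null if absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Verdict labels (constructed): 'deny', 'same-origin', 'allow-list', 'frameable'.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // When frame-ancestors is present, browsers ignore X-Frame-Options.
  const sources = parseFrameAncestors(h['content-security-policy'] || '');
  if (sources !== null) {
    if (sources.length === 0 || sources.every((s) => s === "'none'")) return 'deny';
    if (sources.includes('*')) return 'frameable';
    if (sources.every((s) => s === "'self'")) return 'same-origin';
    return 'allow-list'; // specific origins or schemes: review them by hand
  }

  // X-Frame-Options: conflicting values are treated as a block;
  // unrecognised values (including the obsolete ALLOW-FROM) are ignored.
  const values = new Set((h['x-frame-options'] || '').split(',')
    .map((v) => v.trim().toLowerCase()).filter(Boolean));
  const known = ['deny', 'sameorigin', 'allowall'].some((v) => values.has(v));
  if (values.has('deny') || (known && values.size > 1)) return 'deny';
  if (values.has('sameorigin')) return 'same-origin';
  return 'frameable';
}

// Constructed sample responses.
const samples = [
  { 'X-Frame-Options': 'DENY' },
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  { 'Content-Type': 'text/html' },
];
for (const s of samples) console.log(JSON.stringify(s), '->', framingPolicy(s));
```

A verdict of `frameable` means the site has not told browsers to refuse framing; it does not by itself show that any page is overlaying it.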