Weird Security Term of the Week: "ClickJacking"

The Problem: You have just decided to bite the bullet and buy a new car. As usual there are dozens of pages of forms to sign, initial and stamp, but after half an hour you are the proud owner of your brand new car. Several weeks go by, and you've forgotten all about the paperwork when you receive a bill in the mail for the first payment on your new personal loan. You call up the bank and say that you never signed up for anything apart from the car loan, yet they have your signature on the papers, and they email you copies. Sure enough, there's your signature in all of the appropriate places, but you don't remember signing anything like that. When you go back to the bank and examine the papers more closely, however, there are tell-tale traces of carbon paper across the cover, showing that you had actually signed a different paper that was lying on top.

“Clickjacking” is a very similar concept, and you most often see it on pages such as Facebook, where dozens of different applications and ads fight for your attention and screen space. When two elements overlap, your click can be registered on a different element than the one you thought you clicked on. In an age where a click is as legally binding as a signature, this is not good.

The Solution: There are a handful of ways to protect yourself against clickjacking, most of which revolve around adding defensive add-ons to your browser.

Solution the First: NoScript

More Information available at: https://noscript.net/

NoScript is a Swiss Army knife of browser protection tools, and among them is the ‘ClearClick’ utility, which immediately picks up on elements that are overlaid on top of each other in a page. If you’ve ever used NoScript and gone to a site like Facebook, you will most likely have already seen its warnings when trying to use an element where the user interface (drop-down menus and such) and the work area (a game or Flash-based application) overlap. NoScript is able to pick up on this and alert you to a potential problem.
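
A simplified sketch of the kind of overlay check described above, added here as an example; it is not NoScript's or Ghostery's code. The page model, the element names and the visibility threshold are constructed assumptions, and real browsers also take pointer-events, clipping, transforms and frames into account.

```javascript
// Constructed page model (not taken from any real site): each element has a
// bounding box, a stacking order (z) and an opacity between 0 and 1.
const samplePage = [
  { id: "play-button", x: 100, y: 100, w: 120, h: 40, z: 1, opacity: 1 },
  { id: "hidden-frame", x: 60, y: 80, w: 300, h: 200, z: 9, opacity: 0 },
  { id: "menu", x: 0, y: 0, w: 400, h: 30, z: 5, opacity: 1 },
];

// Assumption: below this opacity the user cannot see the element.
const VISIBLE_THRESHOLD = 0.1;
const isVisible = (el) => el.opacity >= VISIBLE_THRESHOLD;

function contains(el, px, py) {
  return px >= el.x && px < el.x + el.w && py >= el.y && py < el.y + el.h;
}

function overlaps(a, b) {
  return a.x < b.x + b.w && b.x < a.x + a.w && a.y < b.y + b.h && b.y < a.y + a.h;
}

// Compare the element that receives a click (topmost in the stack) with the
// topmost element the user can actually see at that point.
function checkClick(page, px, py) {
  const stack = page.filter((el) => contains(el, px, py)).sort((a, b) => b.z - a.z);
  if (stack.length === 0) return { receives: null, seen: null, suspicious: false };
  const seen = stack.find(isVisible) || null;
  return {
    receives: stack[0].id,
    seen: seen ? seen.id : null,
    suspicious: seen === null || seen.id !== stack[0].id,
  };
}

// Page-wide scan: every visible element that an invisible, higher-stacked
// element covers at least partly.
function findCoveredTargets(page) {
  const findings = [];
  for (const target of page.filter(isVisible)) {
    for (const overlay of page) {
      if (!isVisible(overlay) && overlay.z > target.z && overlaps(target, overlay)) {
        findings.push({ target: target.id, overlay: overlay.id });
      }
    }
  }
  return findings;
}

console.log(checkClick(samplePage, 150, 120), findCoveredTargets(samplePage));
```

A click on the visible button at (150, 120) is flagged because the element that receives it is not the one the user sees, while a click on the menu bar passes.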

Solution the Second: Ghostery

More Information available at: https://www.ghostery.com/en/features

While Ghostery doesn’t have all the bells and whistles of NoScript, it is able to pick up on elements in a web page that can be used to trick the user into clicking on something else, whether that element is visible or not. Ghostery also provides a lot of additional utility by blocking trackers around the web, so pages load more quickly and safely.

Solution the Third: Disable JavaScript manually

Full Guide Available at: http://www.wikihow.com/Disable-JavaScript

While not every browser supports NoScript or similar add-ons, all of them support the ability to disable JavaScript completely. This can increase your protection a great deal, although in some cases JavaScript is necessary to make the page actually work. The ability of NoScript to selectively disable JavaScript is very important, but this option will work if you have no other alternative.

Clickjacking is not a high-profile issue, mostly due to the fact that nobody actually realizes what’s going on when it happens. Having automatic safety measures in place will help to protect yourself and others from situations that may cause a great deal of harm both on the web and in reality.