Clickjacking Revealed

The “Clickjacking” attack bothers me because it seems so obvious. Well, obvious to someone who has done JavaScript web development.

Years ago, I worked on a web user interface (wui) where we tried to duplicate all the functionality of a GUI using JavaScript and XML. This was Ajax before it was called Ajax. I had a demo that basically was a clickjack attack whose intent was to annoy the user or to trigger an event. A prank or a feature, it was trivial to implement with a few lines of code.

Thus the attack is another case of media hype. Giving this attack a clever name like “Clickjacking” seems to be like calling a person who unplugs your network cable a “Cablejacker”.


(Incidentally, in case anyone is interested, my employer attempted to patent the wui idea. The details are online.)

