New Clickjacking threat - No browser is safe!

Discussion in 'General Chat' started by SearchBliss, Oct 9, 2008.

  1. #1
    Just a warning to all. We are vulnerable to this new surfing threat. No browser is safe!

    Full story
     
    SearchBliss, Oct 9, 2008 IP
  2. #2
    This has been around since 2002. One method to protect yourself is to run Mozilla Firefox v3.0.3 as your web browser with the NoScript plugin v1.8.2.8. There is an option under the plugins menu for NoScript to forbid IFRAME, and apply restrictions to trusted sites, and under the notifications menu for NoScript there is a checkbox now called ClearClick Warning.

    For the other popular browsers, there might be other workarounds such as turning off JavaScript, ActiveX, and IFRAME. Just google the term clickjacking to find articles and blogs. I think this is a pretty big deal. I run Firefox with NoScript, Adblock Plus, along with personal firewall and antivirus software on the desktop. That seems to prevent most problems.

    Another idea is to make sure you avoid logging into your computer as root or administrator. Create another account with fewer privileges and use it all the time for common tasks like web browsing, checking email, typing and printing. That way if you do run into problems, the attack won't get too far with your restricted user rights on the computer. When you do need root or admin, you can right click in Windows to select "Run As..." or in Linux use sudo.

    Another idea is to set up VMware, or Microsoft Virtual PC, and do everything from within the virtual machine you set up. It doesn't have to be another Windows OS; it can be anything like Solaris, Red Hat, Mac. That way when you experience a problem, it damages nothing. You just restore the saved VMware snapshot and continue like nothing happened.

    There are plenty of other scenarios and methods to protect yourself; these are just a couple of immediate thoughts I wanted to share.
     
    awesometbn, Oct 12, 2008 IP