I'm surprised that no one is talking about this hack attack which I learned about reading in Forbes cybersecurity article on Jan 5th here at the following URL:
which may be blocked by a paywall if you don't have a Forbes subscription. I saved off an attached PDF with this post if you are blocked.?
?
As I understand, ClickJacking has been around for quite some time and most browsers have native built in protection for this. The new twist takes this devious hack to the next level, calling it Double ClickJacking. "This entirely new threat surface is exposed by the fact that hackers can trick the user of almost any website and almost any web browser into clicking something without even realizing they are doing it." or if a user is prompted to double-click on a prompt.?
?
iFrames, a window inside or on top of another window, are employed in some of these hacks. Other methods include a variety of diabolical schemes that are very concerning, if true.?
?
The good news however, unless I am misinterpreting the 30,000' view is "the user is asked to double-click on a prompt" is easy enough to avoid. Just never double-click. But is it that simple? I read the article three times but I'm not convinced the Double ClickJacking hack solution of simply never double-clicking.??
?
Is it that simple or does the article imply that the hack threat goes far beyond this simple interpretation??
?
TIA,
John
?
John