Clickjacking Blocked

Thursday, 12 February 2009

Some folks have noticed links from accounts they follow prefaced by the words “Don’t click”, which of course people want to click right away. The links take you to a web site employing a technique called clickjacking. This technique seeks to trick web users and can take action on your behalf while you perform seemingly unrelated tasks.

As Wikipedia states, clickjacking is “A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function.” In this case that “other function” was posting a link to your Twitter account so that more people could be tricked and the cycle could perpetuate.

Thankfully, the harm was restricted to constant reposting of the link, but we take malicious attacks on Twitter users very seriously, and this morning we submitted an update which blocks this clickjacking technique.
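The post does not say how the update blocks the technique. The clickjacking it describes depends on loading the target site inside a frame on the attacker's page, so one common defense is for the site to tell browsers that it must not be framed by other origins. The following Node.js snippet is an added example, not Twitter's code and not from the post: it evaluates a response's `X-Frame-Options` and `Content-Security-Policy` `frame-ancestors` headers (real headers, not mentioned on this page) and reports whether an arbitrary third-party page could embed that response. The sample header sets are constructed for illustration.

```javascript
// Added example (not Twitter's code): decide whether a set of HTTP response
// headers would stop a third-party page from embedding the response in a frame,
// which is the precondition for the clickjacking described in the post.
// Header names are real; the sample responses at the bottom are constructed.

function parseFrameAncestors(csp) {
  // Return the frame-ancestors source list, or null if the directive is absent.
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// Returns one of: 'blocked', 'restricted' (only listed/same origin may frame),
// or 'framable-by-anyone' (no effective framing protection).
function framingPolicy(headers) {
  // Normalise header names so lookups are case-insensitive.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // Browsers that understand CSP frame-ancestors give it precedence over
  // X-Frame-Options, so evaluate it first.
  const ancestors = parseFrameAncestors(h['content-security-policy']);
  if (ancestors) {
    if (ancestors.includes("'none'")) return 'blocked';
    if (ancestors.includes('*')) return 'framable-by-anyone';
    // 'self' or an explicit origin list: only those origins may frame the page.
    return 'restricted';
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'restricted';
  // No header, an unknown value, or the obsolete ALLOW-FROM (ignored by
  // current browsers) leaves the page embeddable by any origin.
  return 'framable-by-anyone';
}

// Constructed sample responses for the check above.
const SAMPLES = {
  unprotected: { 'Content-Type': 'text/html' },
  xfoDeny: { 'X-Frame-Options': 'DENY' },
  cspSelf: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  cspNone: { 'content-security-policy': "frame-ancestors 'none'", 'x-frame-options': 'SAMEORIGIN' },
};

// Summarise every sample so the result can be inspected or tested.
function auditSamples(samples) {
  const report = {};
  for (const [name, headers] of Object.entries(samples)) {
    report[name] = framingPolicy(headers);
  }
  return report;
}

console.log(auditSamples(SAMPLES));
```

Any response classified as `framable-by-anyone` is a page that a clickjacking site could overlay and have a logged-in user click without noticing; pages carrying state-changing actions (such as posting) are the ones worth checking first.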