How to Prevent Cross Frame Scripting

Posted by AALIYAH on March 2nd, 2017

If you are looking to increase your security, you will need to be aware of something called cross frame scripting. Cross frame scripting is a way for hackers to attack and steal data by combining an iframe with malicious JavaScript. The attack usually succeeds only when it is combined with social engineering. An example of cross frame scripting is when an attacker convinces a site user to visit a site the attacker controls, rather than the page they intended to reach. Once that website has been accessed, malicious software can download onto your computer and copy your keystrokes. This could allow the attacker to access your account by stealing your password and user credentials without your knowledge.

A common browser security model allows JavaScript loaded from one page to access other pages, usually loaded in a different browser window or frame, as long as they were loaded from the same original server or domain. Bugs in this model are usually specific to particular browsers and allow the attacker to obtain information that was loaded from a different server. Keyboard events recorded by the hacker are leaked across HTML framesets. As you type in your credentials, thinking you are using a legitimate site, your login details can be recorded and used at a later date, compromising security.

To exploit the bug that hands keyboard events to the attacker, they create a page that mimics the original. The frame's borders are hidden and the frame is expanded so that the user assumes they are using a safe site. The attacker then registers JavaScript on the main page and receives a notification of every single key you press. As you can imagine, this is frustrating, and most people do not realise that their information and actions have been recorded, since everything looks normal.

The two most common ways to prevent cross frame scripting are as follows. The first is to set the X-Frame-Options header so that the browser is instructed not to allow any framing from a domain other than the original. The second is to use defensive code to ensure that the current frame always stays at the top level.
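Both defences, as an added example that is not code from the original article: a small helper that produces the anti-framing response headers (the legacy X-Frame-Options header alongside its modern Content-Security-Policy frame-ancestors equivalent), and a client-side frame-busting check. The function names, the fake window objects and the example URLs are this example's own assumptions; `win` is passed in instead of reading the global `window` so the logic can be exercised outside a browser.

```javascript
// Added example: server-side anti-framing headers plus a client-side
// frame-busting check. Names and sample values are assumptions made here,
// not from the original article.

// Build the response headers that tell the browser who may frame this page.
// 'deny' forbids all framing; 'sameorigin' allows frames only from the
// page's own origin.
function antiFramingHeaders(policy = 'deny') {
  if (policy === 'deny') {
    return {
      // Legacy header, still honoured by every major browser.
      'X-Frame-Options': 'DENY',
      // Modern equivalent; browsers that understand frame-ancestors use it
      // in preference to X-Frame-Options when both are present.
      'Content-Security-Policy': "frame-ancestors 'none'",
    };
  }
  if (policy === 'sameorigin') {
    return {
      'X-Frame-Options': 'SAMEORIGIN',
      'Content-Security-Policy': "frame-ancestors 'self'",
    };
  }
  throw new Error(`unknown anti-framing policy: ${policy}`);
}

// Apply the headers to any object with a setHeader(name, value) method,
// for example Node's http.ServerResponse or an Express response.
function applyAntiFraming(res, policy = 'deny') {
  const headers = antiFramingHeaders(policy);
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  return headers;
}

// Client-side check: a page is framed when its window is not the top-level
// window. In a real page, call bustFrame(window) from a <script> in <head>
// so it runs before any content is rendered.
function isFramed(win) {
  return win.top !== win.self;
}

// If the page is inside someone else's frame, navigate the top-level window
// to the page's own URL so it is no longer embedded. Returns true when a
// framing was detected and the redirect was issued.
function bustFrame(win) {
  if (!isFramed(win)) {
    return false;
  }
  win.top.location = win.self.location;
  return true;
}

// Constructed stand-in for a browser window so the block runs under Node.
// When `framed` is true, `top` is a different object with its own location.
function makeFakeWindow(framed) {
  const self = { location: 'https://bank.example/login' };
  const top = framed ? { location: 'https://attacker.example/free-gift' } : self;
  return { top, self };
}

if (typeof module !== 'undefined' && require.main === module) {
  const framed = makeFakeWindow(true);
  console.log('framed page busted:', bustFrame(framed), '->', framed.top.location);
  console.log('headers:', antiFramingHeaders('deny'));
}
```

The header is the primary control: the browser refuses to render the page inside a foreign frame before any script runs. The frame-busting script is a secondary measure for older browsers and can be defeated in some embedding setups (for example a sandboxed iframe that blocks top-level navigation), so it should accompany the header rather than replace it.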

Common methods include sites with extra links instructing the user to click for a free gift or service. Unfortunately, the page loads an iframe, and if the user notices something is not quite right and tries to delete the messages, the link they click is the one that leads to the malicious site, while they assume they have got rid of the problem. The Adobe Flash settings are a good example: you may get a pop-up asking you to update or change your settings. This could allow the attacker to gain permission to use Flash, which is capable of accessing your microphone and camera. Even social networking sites have suffered at the hands of cross frame scripting, with users being caused to repost a malicious location. This can escalate the problem to numerous users, which is why it is so important to have security in place.

