A vulnerability on Facebook forced hundreds of thousands of users to endorse a series of webpages over the holiday weekend, making the social networking site the latest venue for an attack known as clickjacking. The exploit works by presenting people with friend profiles that recommend — or "Like," in Facebook parlance — links …
Funny how if you have Flash loaded you will have the issue. I like that the Apple products don't run that junk on the mobile devices, it's one less thing adding to this issue.
Oh look, Safari is also vulnerable to clickjacking, and a whole lot more besides.
Clickjacking doesn't require Flash at all. In fact, it took Apple over 9 months to patch Safari. Not only that, they copied what Microsoft did. So rather than running that "junk" called Flash, they run that junk called Safari!
...He'll Save Every One Of Us
I wanna be Stevie's bitch too.
How many Apple products do I have to buy to become owned?
I agree with you regarding Flash, it is totally blocked in my browser. The thing is though, I have blocked Flash by *CHOICE*.
Re. Flash, haha
... saviour of the universe?
blew off Safari quickly
I tried Safari for a bit, just out of curiosity, when I first got OSX. What frickin' dog food. Aside from not having the extendibility and control that Firefox has, it didn't even have a way of importing bookmarks that I could see. The bookmark-importing issue was the deal-breaker for me.
Does this really surprise anybody? FB is nothing more than an iSTD.
Does this really surprise anybody? The internet is like one big virus hole. May as well just unplug my telly while I'm at it too.
"May as well just unplug my telly while I'm at it too."
Uh ... your telly doesn't exactly transmit what you are watching, does it?
(Yeah, yeah, yeah, I know, I'm talking world-readable, not local wireless.)
Well, I must be wearing a condom - and so must thousands of others who don't fall for the cheap and easily spotted tricks that also appear elsewhere on the web.
I'm not sure if many of those who believe that Facebook is just one huge trap ready for punters to fall in to have ever used it for more than a couple of minutes.
There seems to be - a la Mac-haters - a sort of knee-jerk reaction similar to those who comment on the Daily Mail site "I've heard it's bad so down with that sort of thing".
Do we not get emails that we ignore or do we click on everything that comes in through the inbox?
Noscript - no problem?
Giorgio Maone's Noscript extension for Firefox was one of the first to provide protection against the click-jacking menace. Although I suspect that the click-happy abandon with which Facebookers go about their business might overwhelm even the robust Noscript.
Darwin, Meet Facebook
I wonder if there will ever be a generation of youngsters who will, finally, grow up to be some non-gullible adults, about all things technical?
A man can dream, right?
FB and ne'er-do-wells
Made for each other....
"Virtually every browser is vulnerable, although many browsers come with safeguards that can make exploitation harder."
Virtually every browser is vulnerable, although many browsers are used by the clueless which regardless of safeguards makes exploitation trivial.
FB users and links to banal subject matter... kittens and balls of wool.
Perhaps my experience helps me realise that links/topics such as the one used for this exploit are drearily commonplace, often predictable and are seldom worth the effort of a click. It can't be common sense that stops me clicking such links, for by definition common sense occurs frequently, is usual and shared amongst humanity. If it was common sense, no one would click such links.
Is the average FB user's life so empty that a link entitled "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE" becomes such an exciting opportunity to seek entertainment that it cannot be ignored?
It was a good enough headline to get me to click the story on El Reg......d'oh...Good job I don't use FB (or rather good job FB doesn't use me).
@ AC ("D'oh")
I don't care about FB or stupidly obvious links. I just came here to read the comments!
We need to have an alert about it!
I think we need to have some websites to alert users about these issues at the same time. I wrote about it on Twitter on Friday but no one listened to me!!! So, we really need to have an alert website. Users can register there and say, for example, I want to have security alerts for Facebook.com, Yahoo.com, Hotmail.com and not Example.com.
Most people do not want to spend their time reading these security articles. We need to have something more useful for normal users!
Or people could just use some frigging common sense and not click on every little thing that their "friends" send them...
Or do we have to spell it out?
So along with the large dollop of common sense as prescribed above...
Just don't use crappy stuff like Facebook, Twatter, Yahoo mail, Hotmail & such other well known security colanders such as Microfuck Messenger.
All of which are for kids to infect their parents' computers so I can charge a fortune to clear it up - cheers easy!
Makes you wonder who is worse, the purveyor of these nasties, or the robbing highwayman who takes advantage of such situations. Good luck while your work lasts as Linux and Mac OSX start to gain ground against bug ridden windoze.
We already have an "alert Web site"...
...and it's called The Register.
Seriously, every major threat to privacy on the Internet I read about on El Reg, often before anybody else had it.
I have to wonder why on earth FB decide that it's a good idea to let people have their own code on these pages. Otherwise how do they load up the iframes?
So what is the end result of this?
It sends stuff to your friends? What does it send? How do you stop it? Article is all a bit vague.
Facebook; no duhh.
Luckily for me, I deleted my Facebook account -- barebones and info-free as it was -- the other night after deciding that, on top of all the datamining and privacy issues, there wasn't anything I could do on Facebook that I couldn't do with email and a carefully assembled CC: list.
Oh, yeah, and I almost forgot... Flash bites.
I deleted my facebook, my dog and all my family! In fact I don't even connect to the internet anymore, just in case I get scammed, spammed and whammed! I have become so paranoid and so righteous that this comment is appearing direct from the power of my brain!
Lighten up you lot! FB is a crock we all know that, but then crossing the road is fraught. In fact more likely you will die slipping over in your bathroom than being run over, but you don't stop going to the kharzi!
So, any takers for how long it takes Zuckerman to figure out that opening his social networking to world + dog scanning was an invitation to this sort of problem?
"Twitter was attacked by a series of clickjacking exploits last year that forced users to publish tweets against their will."
Bullshit. The computer didn't hold a gun to their heads and force them to tweet. I'm sure they were just too stupid to not tweet garbage.