back to article Facebook users subjected to more clickjacking

Facebook users have been subjected to another round of clickjacking attacks that force them to authorize actions they had no intention of approving. The latest episode in this continuing saga, according to Sophos researchers, is a set of campaigns aimed at Italian-speaking users of the social network. The come-ons promise …

COMMENTS

This topic is closed for new posts.

Thank you for describing how this works

Unfortunately, I still don't understand how this works, nor what the target result is.

"they are forced into registering their approval of the videos using Facebook's “Like” button."

And? Apart from maybe being "forced" to give some sort of approval for a viral marketing video what harm has been done? Do Facebook users by their very nature even know or care that they have done this? After all, these are the same folk who think that they have 600 friends just because other people clicked on "Friend" at some distant time.

Or am I missing something?


This post has been deleted by a moderator


NoScript, etc

"I have used "NoScript" in the past but much prefer "Cocoon"" - er, that is a domain-parking advertising site, just the sort of thing you might be clickjacked to?

Unfortunately the likes of NoScript only work with advanced users who *understand* computers in some detail. Joe Average just says 'yes' to all & sundry requests because they find out things don't work otherwise.

The first rule of computer security is DO NOT ASK THE USER for they (usually) know nothing and thus can't competently decide if shaftmesideways.exe should be allowed to run, etc.


This post has been deleted by a moderator


Cryillic?

A little known language used by people exposed to extremely low temperatures?


Don't join!

Not joining this trivia site seems to be the ultimate answer. I find that all this "social networking" malarkey leaves me totally stone cold. I really can't see the point of exposing most of your life on the net for it to come back and haunt you in years to come. Kids don't seem to realise what damage it can do. I try and remain fairly anonymous in my web activities because once the genie is out of the bottle (as loads of "prominent" people have found to their cost), that's it - there ain't no way of squeezing it back in!


letters and/or digits.

Getting fed up of the resurgence of sites that insist on javascript being enabled. Time was, you coded your basic functionality server-side and used javascript for a bit of non-essential (although admittedly often useful) bling. When did the web 2.0 babbies decide to abandon this completely sensible practice? Only themselves to blame I reckon.


nail head hit

seanmon. Well said.

Browser technology has crept well beyond its original design brief without proper consideration of side effects. So now the naive get caught and the wise cripple their browsers.

The smarter you make the browser apps the more vulnerabilities are introduced. The current iteration of facebook simply doesn't work with noscript on. m.facebook.com does though.


Glimmerblocker for Safari in place of NoScript

Thanks to "david 63" for the reference to the mobile version of Facebook that seems to work sans scripts.

For Safari, the NoScript equivalent might be Glimmerblocker, which also can put download links on YouTube pages and do address bar searches for Wikipedia, Amazon, or just about anything else.


Arseface

Are they in league with the cybercrims? Or are they cybercrims themselves? I think we should be told.


This post has been deleted by a moderator


How to stop this?

I'm assuming that to use the "like" feature you have to be granted an API key from facebook, yet I see no way of reporting these malicious pages to facebook so that said key can be revoked...


This post has been deleted by a moderator


I suspect that facebook got so many "report" clicks

that they moved the link or diluted its effect.

One day, we'll find out that a whole department of a social networking site is filled with or infiltrated by domestic government operatives who plant surreptitious tracking. Hell, they may even be so bold as to openly infiltrate and dare any discoverers to say word one about it. After all, the CIA or FBI infiltrated an AT&T office in San Francisco, but it was outed around 2007 or 2008. It was quite messy. In the end, AT&T vacated that building and it seems to have acquired a toxic stigma. Seems to have been vacant for years.

Who, besides marketing and cold-sales teams, would benefit the MOST from having unfettered, invisible access to our accounts? You guessed it. Ever wonder what is up when your "friend" count is 1 or 2 higher than the actual images?


Facebook

The internet turd. You step in it and it's impossible to clean off.


iframes

It is not really "clickjacking" anymore since Facebook recently switched to "iframes." The rogue app can be programmed to contain the iframe. Very sleek and a great improvement for cybercriminals over the old clickjacking technique.
