Facebook users have been subjected to another round of clickjacking attacks that force them to authorize actions they had no intention of approving. The latest episode in this continuing saga, according to Sophos researchers, is a set of campaigns aimed at Italian-speaking users of the social network. The come-ons promise …
Thank you for describing how this works
Unfortunately, I still don't understand how this works, nor what the target result is.
"they are forced into registering their approval of the videos using Facebook's “Like” button."
And? Apart from maybe being "forced" to give some sort of approval for a viral marketing video what harm has been done? Do Facebook users by their very nature even know or care that they have done this? After all, these are the same folk who think that they have 600 friends just because other people clicked on "Friend" at some distant time.
Or am I missing something?
"I have used "NoScript" in the past but much prefer "Cocoon"" - er, that is a domain-parking advertising site, just the sort of thing you might be clickjacked to?
Unfortunately the likes of NoScript only work with advanced users who *understand* computers in some detail. Joe Average just says 'yes' to all & sundry requests because they find out things don't work otherwise.
The first rule of computer security is DO NOT ASK THE USER for they (usually) know nothing and thus can't competently decide if shaftmesideways.exe should be allowed to run, etc.
A little known language used by people exposed to extremely low temperatures?
Not joining this trivia site seems to be the ultimate answer. I find that all this "social networking" malarkey leaves me totally stone cold. I really can't see the point of exposing most of your life on the net for it to come back and haunt you in years to come. Kids don't seem to realise what damage it can do. I try and remain fairly anonymous in my web activities because once the genie is out of the bottle (as loads of "prominent" people have found to their cost), that's it - there ain't no way of squeezing it back in!
letters and/or digits.
nail head hit
seanmon. Well said.
Browser technology has crept well beyond its original design brief without proper consideration of side effects. So now the naive get caught and the wise cripple their browsers.
The smarter you make the browser apps the more vulnerabilities are introduced. The current iteration of facebook simply doesn't work with noscript on. m.facebook.com does though.
Glimmerblocker for Safari in place of NoScript
Thanks to "david 63" for the reference to the mobile version of Facebook that seems to work sans scripts.
For Safari, the NoScript equivalent might be Glimmerblocker, which also can put download links on YouTube pages and do address bar searches for Wikipedia, Amazon, or just about anything else.
Are they in league with the cybercrims? Or are they cybercrims themselves? I think we should be told.
How to stop this?
I'm assuming that to use the "like" feature you have to be granted an API key from facebook, yet I see no way of reporting these malicious pages to facebook so that said key can be revoked...
I suspect that facebook got so many "report" clicks
that they moved the link or diluted its effect.
One day, we'll find out that a whole department of a social networking site is filled with or infiltrated by domestic government operatives who plant surreptitious tracking. Hell, they may even be so bold as to openly infiltrate and dare any discoverers to say word one about it. After all, the CIA or FBI infiltrated an AT&T office in San Francisco, but it was outed around 2007 or 2008. It was quite messy. In the end, AT&T vacated that building and it seems to have acquired a toxic stigma. Seems to have been vacant for years.
Who, besides marketing and cold-sales teams, would benefit the MOST from having unfettered, invisible access to our accounts? You guessed it. Ever wonder what is up when your "friend" count is 1 or 2 higher than the actual images?
The internet turd. You step in it and it's impossible to clean off.
It is not really "clickjacking" anymore since Facebook recently switched to "iframes." The rogue app can be programmed to contain the iframe. Very sleek and a great improvement for cybercriminals over the old clickjacking technique.