
Clickjacking

09 Jun

I made a Facebook account when a friend of mine sent me an invitation. I'm not very active there; it's just a way to stay in contact with some friends, relatives, ... In my opinion, writing a blog here is much more challenging and creative than writing on a wall.

Security on Facebook is an issue that concerns me. They often change their privacy policy and add some features as defaults. To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options. They say they want to "offer precise controls for sharing on the Internet".

I read an article about "clickjacking". Facebook users see links to subjects such as "World Cup 2010 in HD", ... that their friends appear to have "liked". Clicking the link tricks users into recommending the site on Facebook too. I can see on my page that some of my friends liked "Plazma", "Eurocrem" or "Raffaello" 😆 I like them too, but I am not going to click the button.

Security experts say the scam currently has no malicious intent but could be adapted to deliver malware.
The link generally takes the user through to a page containing an instruction, such as asking them to click a button to confirm that they are over 18.

Wherever they click on the page, it adds a link to their own Facebook profile saying they have also "liked" the site. If you want to read more information, visit the link above.

There are three things you should know. Mr. Dan explained them to me.
1. IFRAMEs should not be confused with FRAMEs, which are completely harmless.
2. Clickjacking is a very old problem, and all the browsers on all the operating systems are vulnerable to clickjacking.*
3. Facebook could prevent clickjacking on their pages if they wanted to.

*There are ways to protect yourself from clickjacking no matter what site you use. In Opera the easiest way is to disable IFRAMEs completely: go to the address opera:config#Extensions|IFrames and untick the checkbox, then click Save. However, some websites (for example mail.google.com for everything and my.opera.com for attaching photos to blog posts) require IFRAMEs to work, so you should enable IFRAMEs just for them: after the website is loaded, right-click the page and, in Edit Site Preferences, on the Display tab, enable IFRAMEs.


Posted by on June 9, 2010 in Uncategorized

 


7 responses to “Clickjacking”

  1. gdare

    June 10, 2010 at 11:06 pm

    Security issues were a reason 30.000+ users turned off their Facebook accounts. Actually, left them on hold, because it is impossible to delete FB account :left:

     
  2. WinterForLady

    June 11, 2010 at 12:06 am

    I heard it's impossible to delete it. I don't know if it is true. Even if you delete your photos from FB, it still keeps them somewhere.

     
  3. thetomster

    June 11, 2010 at 8:06 am

    *There are ways to protect yourself from clickjacking …

    … the easiest way is still DON'T CLICK ON ANYTHING JUST BECAUSE YOU ARE ASKED FOR! … first of all users should take care … that doesn't mean it's not a problem with the security issues especially Facebook is dealing with … Facebook is still a mainly commercial orientated product … like Google … 'social' media is just a marketing trick (or should one say "marketing click"?)

    thanks for pointing out IFRAMES … it's really little known :up:

     
  4. AnitaMargita

    June 11, 2010 at 6:06 pm

    Thanks for sharing this useful information, Mira! 🙂 We really need to be careful on Facebook. :worried:

     
  5. qlue

    June 12, 2010 at 5:06 am

    The easy way is, just avoid using Facebook. :left:. I don't need it. :down:.

     
  6. qlue

    June 12, 2010 at 8:06 pm

    Originally posted by MirabelaTM:

    @Aadil- When I signed in for FB account I didn't know it will be hard to manage your security.

    Yeah, I hear you! :awww:. They just want you to sign up, which is why they hide all the important facts in their user agreement! :irked:.

     
  7. WinterForLady

    June 12, 2010 at 8:06 pm

    @Dirk- Originally posted by thetomster:

    first of all users should take care

    Yes, I agree :up: Some people leave all their information public, some wrote their home address, ... And I think children shouldn't be left without supervision of elders on the Internet.

    Originally posted by thetomster:

    thanks for pointing out IFRAMES

    You are welcome 🙂

    @Anchi- You are welcome :happy: Yes, I agree.

    @Aadil- When I signed in for FB account I didn't know it will be hard to manage your security.

     
