clickjacking

Adobe to plug Flash-related Webcam spying hole

Adobe Systems is working on a fix for a Flash-related vulnerability that could be used by Web sites to surreptitiously turn on a visitor's microphone or Webcam.

The problem is in the Flash Player Settings Manager on Adobe's servers and not with software on customer computers, Adobe spokeswoman Wiebke Lips told CNET today.

"Engineering is currently working on a fix," she said in an e-mail. "Note that this issue does not involve/require a product update and/or customer action. (In other words, there will not be a security bulletin.) It's a fix we …

Facebook adds new user security features

Facebook is launching several new security features today designed to protect users from malware and from getting their accounts hijacked.

First, the site will display warnings when users are about to be duped by clickjacking and cross-site scripting attacks in which they think they are following a link to an interesting news story or taking action to see a video and instead end up spamming their friends.

For example, a scam was circulating yesterday in which Facebook users were inadvertently commenting on what looked like a news site with details of the iPhone 5. Clicking on the link leads to …

Don't fall for 'First Exposure: iPhone 5' Facebook scam

Facebook users are being duped into unwittingly spreading spam by clicking on what looks like a link to news entitled "First Exposure: iPhone 5."

A version of the scam, exploiting people's interest in the next-generation iPhone, went around Facebook earlier this month, and it's back today with minor changes.

The scam starts when you see someone in your social network comment on a link in a post that looks like it leads to a news story about the iPhone 5 at a Web address of "greatlakesnews.info." Clicking on the link takes you to a …

Beware enticing Bieber links, free offers on Facebook

Old scams hiding under new headlines were circulating on Facebook this week, including promises of video involving obsessed Justin Bieber fans.

"I can't believe a GIRL did this because of Justin Bieber," says the post that has been appearing on Facebook walls and status updates.

Clicking the link leads to a fake YouTube-looking page that says "Please Watch this video only if you are 16 years or older," according to an M86 blog post. Hidden behind the video window is an iframe linked to Facebook so that clicking anywhere in the window will submit a …

Report: 95 percent of all e-mail is spam

Spam accounted for 95 percent of all e-mail sent worldwide during the third quarter, according to a report released today.

Panda Security's third-quarter report (PDF) also found that 50 percent of all spam came from 10 countries, with India, Brazil, and Russia as the top three sources. The U.S. came in No. 8, while the U.K. dropped off the list. Much of the spam that invades in-boxes comes from botnets that hijack computers whose owners don't realize their PCs have been infected, the report noted.

Trojans now are responsible for 55 percent of all malware threats, …

Cheerleaders Gone Wild clickjacking tempts Facebook users

A new clickjacking scam was spreading on Facebook, luring victims with a purported video of "cheerleaders gone wild," a security expert warned on Thursday before Facebook shut the attack down.

Victims' accounts were posting messages that said "cheerleaders gone wild - have to see this" with a photo of, you guessed it, a cheerleader carrying pom poms. Clicking the link led to a warning that the content may be inappropriate for some users and prompted users to confirm that they are 18 or older, said Graham Cluley of Sophos, who bravely clicked the link for research …

Mozilla fixes Firefox holes, curtails clickjacking

Mozilla released two new versions of its browser on Tuesday, Firefox 3.6.9 and Firefox 3.5.12, to close 10 critical security vulnerabilities in each and to help Web site operators block a risk called clickjacking. Firefox 3.6.9 is also available from CNET Download.com for Windows, Mac, and Linux.

Critical vulnerabilities can let a remote attacker run arbitrary code on a computer. With Web browsers becoming both more important and more powerful, browser makers must constantly watch for new attack possibilities.

Firefox 3.6 also gets a new general approach to cut down browsing risks: …

Facebook attack tricks users into 'liking' malicious links

Another clickjacking scam has hit Facebook, tricking hundreds of thousands of users into posting messages to their pages saying that they like the malicious link, security firm Sophos said on Tuesday.

Like most of these scams, this one relies on social engineering and piques the interest of prospective victims with messages like:

• "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."

• "This man takes a picture of himself EVERYDAY for 8 YEARS!!"

• "The Prom Dress That Got This Girl Suspended From School."

• "This Girl Has An Interesting Way Of …

Researchers: Facebook vulnerable to clickjacking

Facebook is susceptible to certain types of attacks that could allow someone to hijack an account while a user is interacting with another Web site, a security researcher warned on Monday.

Researcher Nitesh Dhanjani also said a design flaw in Facebook is granting third-party apps permission to access user profile data without express approval from users.

Facebook used to display a pop-up window warning users when they added any third-party app that doing so would authorize the app to get access to user profile information. This allowed users to change their mind before adding the app. The company has changed …

Block scripts in Firefox

The Internet is full of threats like cross-site scripting attacks and clickjacking. A lot of these attacks work by injecting scripts in Web pages that you don't even know are there. You can give yourself a modicum more protection by running a Firefox plug-in called NoScript.

NoScript blocks all scripts from running until you authorize them. Let me show you how it works.

Go to addons.mozilla.org and search for NoScript or get it from Download.com. Install it as you would any add-on. Once you have it installed, look in the bottom right corner at the little …