Facebook Users Can Be Forced into Liking Arbitrary Pages



Like button vulnerable to clickjacking attack

A security researcher has discovered a vulnerability which can be used to force Facebook users into liking arbitrary pages. The type of attack is known as clickjacking and does not require any form of user confirmation.

The Facebook “Like” button allows users to share content they find interesting on the Web. The feature is meant to allow users with similar interests to easily find and connect to each other on the social networking website. The button can be integrated by webmasters into any page on their website via a special IFrame.

The bug was discovered by a 21-year-old student named Eric Kerr who documented it on his blog. Successful exploitation results in arbitrary content being added to the user's Facebook News Feed, and at the time of writing this article the flaw was still active.

Kerr explains that a bug in the implementation allows potential attackers to trick users into Liking malicious pages without even knowing it. This can be accomplished by hiding the button on the page via CSS and attaching it under the mouse cursor using a bit of JavaScript.

Story - http://news.softpedia.com/news/Facebook-Users-Can-Be-Forced-into-Liking-Arbitrary-Pages-147531.shtml
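
A defender-side check for the condition this attack depends on, a Like-button frame that is invisible yet still receives clicks, as an added example that is not from the article, Kerr's blog or Facebook. The plugin URL pattern, the function names and the sample frame records are assumptions constructed for illustration; in a browser the records would be built from `document.querySelectorAll('iframe')` and `getComputedStyle()`.

```javascript
// Assumption: the Like button IFrame is served from facebook.com/plugins/like.php.
const LIKE_PLUGIN = /^https?:\/\/(www\.)?facebook\.com\/plugins\/like\.php/i;

// A frame can be clicked unless CSS removes it from hit-testing.
function receivesClicks(style) {
  return style.display !== 'none' &&
         style.visibility !== 'hidden' &&
         style.pointerEvents !== 'none';
}

// Audit one record { src, style }, where style mirrors getComputedStyle() output.
function auditFrame(frame) {
  const style = frame.style || {};
  const result = { src: frame.src, suspicious: false, reasons: [] };
  if (!LIKE_PLUGIN.test(frame.src || '')) return result; // not a Like button
  if (!receivesClicks(style)) return result;             // hidden and inert

  const opacity = style.opacity === undefined ? 1 : parseFloat(style.opacity);
  if (opacity < 0.1) {
    result.suspicious = true;
    result.reasons.push('near-zero opacity but still clickable');
    // Absolute or fixed positioning lets script reposition the frame at will.
    if (style.position === 'absolute' || style.position === 'fixed') {
      result.reasons.push('positioned so script can move it');
    }
  }
  return result;
}

// Return only the frames that warrant review.
function auditPage(frames) {
  return frames.map(auditFrame).filter((r) => r.suspicious);
}

// Constructed sample records, not captured from any real page.
const LIKE_SRC = 'https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.com';
const SAMPLE_FRAMES = [
  { src: LIKE_SRC, style: { opacity: '1', position: 'static' } },                  // normal embed
  { src: LIKE_SRC, style: { opacity: '0', position: 'absolute' } },                // invisible, clickable
  { src: LIKE_SRC, style: { opacity: '0', position: 'absolute', display: 'none' } }, // cannot be clicked
  { src: 'https://example.org/widget', style: { opacity: '0', position: 'fixed' } }, // other content
];

for (const finding of auditPage(SAMPLE_FRAMES)) {
  console.log(finding.src, '->', finding.reasons.join('; '));
}
```

Only the second sample record is reported: the visible embed and the `display: none` frame cannot produce an unnoticed click, and the fourth is not a Like button.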
