Facebook Victim to Clickjacking Exploits
A widespread clickjacking exploit that showed pictures of a nearly nude woman without asking the user for authorization was blocked by Facebook administrators last Monday.
The insidious bait-and-switch code was identified after a victimized user reported the image of a scantily clad lady on a friend's page that beckoned him to click the button by promising him "something hot".
This security hole is made possible by overlaying a concealed iframe on top of a visible link or button, so that the user's click lands on the hidden element rather than the one they think they are clicking.
Nearly every website is vulnerable to this particular trick, and sites producing large amounts of UGC (user-generated content) in particular are the perfect launch pads for such cyber assaults.
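The standard defence against this kind of iframe overlay is to tell browsers the page must not be framed by other origins. The following check, added here as an illustration and not code from Facebook or the original article, classifies a response's headers (constructed samples) by how much framing they permit, treating a CSP `frame-ancestors` directive as overriding `X-Frame-Options` the way browsers do:

```python
"""Added example: classify whether an HTTP response can be framed by another
origin, which is the precondition for a clickjacking overlay. Not Facebook's
code; the header values in SAMPLES are constructed for illustration."""


def frame_ancestors(csp: str):
    """Return the source list of a CSP frame-ancestors directive, or None
    if the policy has no such directive. Quotes are stripped, case folded."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_policy(headers: dict) -> str:
    """Classify framing as 'blocked', 'same-origin', 'restricted' (explicit
    allow-list) or 'unprotected'. Header names are matched case-insensitively.
    frame-ancestors takes precedence over X-Frame-Options when both exist."""
    h = {k.lower(): v for k, v in headers.items()}
    fa = None
    if "content-security-policy" in h:
        fa = frame_ancestors(h["content-security-policy"])
    if fa is not None:
        if fa == ["none"]:
            return "blocked"
        if fa == ["self"]:
            return "same-origin"
        if "*" in fa:
            return "unprotected"
        return "restricted"
    # Fall back to the older header. ALLOW-FROM is ignored by current browsers,
    # so anything other than DENY / SAMEORIGIN offers no protection.
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    return "unprotected"


# Constructed sample responses, not captured from any real site
SAMPLES = {
    "no headers": {"Content-Type": "text/html"},
    "xfo deny": {"X-Frame-Options": "DENY"},
    "csp self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp wildcard": {"Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name}: {framing_policy(hdrs)}")
```

A result of `unprotected` means the page could be loaded invisibly inside an attacker-controlled page, exactly the situation the iframe overlay described above depends on.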
Facebook taking action against exploits
The Facebook users who were ensnared by the trap and were also signed in at the time soon saw their profile pages modified to include the same digital photograph.
As the number of people tricked by the ruse increased, the images spread even faster to other potential victims, which gave the clickjacking attack a viral quality.
The IT security researchers who first discerned the hoax attributed it to a cross-site request forgery (CSRF) bug that currently affects the Facebook website.