Sophos Reveals Security Hole in Facebook
According to a survey by IT security and data protection company Sophos, 95% of respondents think that Facebook isn't doing enough to prevent clickjacking worms that emerge on the social-networking site.
The security company dubbed the attack "likejacking." Reportedly, it abuses the 'Like' option through an automatic status update of a Facebook user, thus 'liking' a 3rd-party page while that user remains unaware that the option was clicked at all.
Evidently, the user's friends on Facebook automatically share this update through the site's news feed, and the attack spreads quickly among other members.
Furthermore, the attacks are designed to install malware, which shows that the way Facebook functions has a weakness that can be exploited. As a result, users are exposed to potential phishing or malware attacks later on.
The most recent widespread attack targeted Facebook users and tricked them into 'liking' a web page titled "101 Hottest Women in the World" that contained a photograph showing Jessica Alba.
Shockingly, when Sophos asked 600 Internet users in a poll, "Do you think Facebook is doing enough to stop clickjacking worms?", most of the participants voted "no." This underscores that Facebook urgently needs to work on setting the problem right.
Graham Cluley states that Facebook clearly lacks the necessary level of security in implementing its 'Like' utility for its community of users. Sophos published this statement in its news on June 15, 2010. This security shortfall exposes the website to abuse by scammers and spammers, leaving users vulnerable to external threats.
To deal with this problem, Cluley suggested that Facebook put in place methods that let members of the site decide more meaningfully whether or not they are willing to 'Like' 3rd-party content.
According to the expert, controlling these attacks would become far simpler with a pop-up window asking users whether they are certain they want to 'Like' a given web page, or with a facility for turning off the 3rd-party 'Like' utility completely.
» SPAMfighter News - 24-06-2010