Likejack Blame Starts to Fall on Facebook

Clickjacking has been a problem for a few years now. No one has been able to create a foolproof way to prevent the attacks from happening, but there has been some progress that makes clickjacking techniques harder to implement. Stopping clickjack attacks would be a lot easier if there was an overarching structure to the internet that allowed someone to set security standards.

That’s not to suggest that some agency should take over the whole internet. (An impossibility. The best someone could do is hold access hostage.)

Social networking sites, however, do have the ability to control what occurs on their pages. That’s one of the reasons that Facebook is starting to take a serious amount of heat for the persistent likejacking problem that makes it easy for hackers to spread viruses to millions of people.

Likejacking first drew attention in May. For a while, everyone gave Facebook some leeway to figure out a good solution to the problem. Two months later, though, Facebook hasn’t made any real strides towards finding a real solution. Sure, they’ve identified a couple of problematic links, shut them down, and claim some minor victories, but those accomplishments are like sopping up a puddle and saying that the flood has been beaten.

I’m usually the first person to defend popular websites. They attract a lot of hackers, so they necessarily have more problems with them. Even I, however, am starting to get sick of this game. How long should it take a company with resources like Facebook to figure out a solution to this problem? Hey, Facebook Team, you want a suggestion? Include an authorization that alerts Facebook members of every “like.” All it has to do is pop up and say, “do you want to like this?” This would add another layer of security, making it much more difficult for hackers to use clickjack attacks.

Facebook could also monitor the number of rejected likes. That way the security team could spot potential likejack attacks by the large number of rejections.

Sure, that would be slightly inconvenient for some Facebook members, but it would provide an overall benefit that makes the service better. It’s a worthwhile trade. If nothing else, it buys you more time to create a real security measure that prevents likejacks from occurring at all.

Explore posts in the same categories: Uncategorized

Tags: , , ,

You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: