Can I get clickjacked on Facebook?

Facebook gets a lot of scrutiny for spreading clickjacking attacks. To be fair, though, any other social networking site with Facebook’s level of success would receive similar criticism.

Internet security experts get asked a lot of questions that aren’t easy to answer. Perhaps the most common is “can I get clickjacked on Facebook?” I’ll try to answer this question as plainly as possible without delving into a lot of industry jargon and what-ifs.

In a word: Maybe.

I know, that’s not very helpful.

Here’s the thing: Facebook has actually been pretty good about stopping clickjacking attacks before they spread too far. The reality is that you’re 95 percent safe as long as you never stray from Facebook. The other side of that reality is that you’re going to click on links that take you away from FB’s domain.

Myspace tried to solve this problem by forcing members to acknowledge that they were leaving the site whenever they tried to follow an external link. Facebook hasn’t really gone in this direction, which is good and bad. It’s easy to understand why Facebook doesn’t want to use this strategy. The warning is annoying. After a while, it becomes completely ineffective because users stop paying attention to it. The warning simply becomes a button that you have to click to move forward.

This leaves all FB members open to attack, but only when they follow clickjacked links. I’m not aware of any clickjack attacks that were implemented from Facebook itself. Whenever you follow a link, though, you never know where you’re headed.

Facebook has a good security team, but they could do a little more to educate their users about the nature of clickjacks. Even though the Myspace warning page was annoying, it offered information that users need to stay safe. Unfortunately, showing a warning like that could encourage members to use other social networking sites that won’t nag them.

All networking sites, therefore, have a tough choice to make between improved security and a growing base of frequent users. From a business perspective, you have to choose more members. That’s unlikely to change unless people start leaving FB for social networking sites that they perceive as safer alternatives.
