Posted tagged ‘security’

How Many Facebook Videos Have Been Clickjacked?

September 10, 2011

If you’re on Facebook, then you have to know thatĀ  some of the videos you see posted on the walls of friends are clickjacked. Clickjacked videos typically have invisible frames hovering over them, either over the hole video or just over the play button. When you push play on the video, you may or may not actually get to watch it. What you actually do is unleash a tactic called UI redressing. More than likely, clickjacked videos just repost themselves on your wall without your permission.

That’s kind of scary, especially considering that some of the clickjacked videos can steal personal information from your computer that allows hackers to steal your identity.

What’s even more scary is that research now shows that 15 percent of videos on Facebook are clickjackers. That’s right. 15 percent. That means that for every ten videos you see, more than one of them has been clickjacked. Click on ten random videos and you’re going to get clickjacked at least once.

Let’s face it, Facebook hasn’t done much to stop this kind of behavior. They pretty much let anyone post anything without discretion (unless its porn, I guess. They have a thing against porn).

Yet again, that means you need to protect yourself by avoiding shady videos. If you see a video that doesn’t look like your friend actually posted it,then don’t click it. If your uncle who’s totally into football posts a video about lady gaga, then you can feel pretty certain that it’s a clickjack. There’s just something not right with it, so stay away.

Advertisements

Clickjacking Affects Businesses Too

September 4, 2011

If you use the Internet, then you should know something about clickjacking. Simply put, you should know that it makes your browser perform an action that you didn’t (intentionally) execute. That can cause various problems, such as posting information on your Facbeook page, buying items on Amazon, or stealing your private information.

So, you know that there are some risks. If you’re smart, then you try to avoid suspicious videos and links. You might even use a widget or app that helps you detect potentially clickjacked sites.

But you’re just one person. Most of the time, you can protect yourself, but you know that things slip through every now and then. Chances are that you don’t even know when it happens. You just go about your day without knowing anything about it at all.

It’s a different story, though, when you are a business. Businesses have to worry about hundreds or thousands of employees clicking objects on the Internet. That means they are at a higher risk of contamination. It’s no wonder that so many businesses focus on security strategies that involve keeping a close eye on every employee.

You have to worry about things like identity theft. Businesses, however, have to worry about viruses stealing information from their clients. A business’s network often contains the credit card information and addresses of thousands of clients, not to mention the information that they use to confirm your identity when customers contact them.

This is a big concern for businesses, and that probably includes your employer. If your work doesn’t let you browse the Internet freely, there’s probably a good reason for that.

 

See Twilight for Free

August 19, 2011

Fans of Twilight can get a bit… well, fanatical. Give them the opportunity to attend a pre-screening for free, and they’ll do just about anything.

Anything, including fall for a Facebook clickjacking scam.

This specific clickjacking scam spreads through Facebook posts. To win the free tickets, you have to complete a survey. Finish that survey, however, and you’re taken to another one. You might think that you’ll eventually reach those tickets, but you never will. It’s a ceaseless journey that only ends when you get frustrated enough to quit.

By that time, though, it’s probably too late for your friends. That’s because you have shared information about the free tickets with everyone you’re connected to on Facebook. What? You don’t remember that post? That’s because the clickjack did it for you. Now all of your friends can fall victim to the hoax.

To make matters even worse, this scam focuses on young people who, as we all known, don’t always exercise the best judgment when exploring the net. Even parents that keep a close eye on their kids’ Internet usage might not spot this problem. It’s one thing for your kid to access a pornographic or disturbing website from the living room, but it’s quite another to fill out a simple survey. Few parents would even know to wonder whether it could have harmful effects.

Kids might think that they know more about the Internet than their parents. And maybe they do. But they don’t know more than their parents about the ways that scam artists prey on kids. That’s why parents have to make sure their kids know how to stay safe online.

Should We Expect More Protection From Clickjacking?

June 5, 2011

Clickjacking is a problem. There’s no getting around that. If you use the Internet, then you are a potential victim. It’s really that simple.

So, should we expect more protection from clickjacking? Should we expect individual websites to find new security measures that will prevent clickjackers from spreading their scams (I’m looking right at you Facebook and Twitter)?

To some extent, I think that we can expect these companies to assume some responsibility. After all, these companies have made billions of dollars from their clients. They should invest some of that money into research and development that helps them keep the clients safe.

At the same time, we can’t expect Facebook, Twitter, or any other big website to protect us from every threat on the Internet. Many of the clickjacks that people get through Facebook actually come from outside sources. Could Facebook do a better job of warning people when they are leaving the site? Absolutely. Could they do a better job of educating users so that they know more about the threats of clickjacking? I’d say so.

But they aren’t responsible for what happens to you on http://www.sometinysite.com.

That means you have to accept some responsibility on your own.

If you can’t prevent clickjacks from happening, then you can at least stop malware from infiltrating your computer as a result of clickjacked links. Get some good security software for your computer, and don’t be afraid to spend a few bucks on the highest level of protection. It’s the money that encourages software companies to design stronger products. If you only rely on freeware, then you are going to get burned at some point.

That’s just a fact of participating in a virtual world.

WordPress Improves Clickjacking Security

May 26, 2011

Improved clickjacking security seems to be the new thing amongst popular websites that allow user interface. First, Facebook released updates that would make it considerably more difficult for likejacking to take advantage of its site. Now, WordPress has released a beta version of its WordPress 3.2 that offers improved clickjacking security.

The latest update is WordPress 3.1.3, a platform that the company does not recommend for production servers. The company also says that its developments are right on schedule. That means the new version of WordPress will become widely available in just a couple weeks.

The company hasn’t specified exactly how the latest updates prevent clickjacking, but it is safe to assume that it uses some of the security features included in the latest Facebook updates. It will probably use a combination of security software that recognizes suspicious links and alerts that will allow users to decide whether they want to allow an action or not.

As long as WordPress remains as flexible and useful as its previous versions, this is great news for bloggers and Internet users alike.

By giving bloggers more control over the way that their websites function, WordPress could make it easier for them to prevent clickjacking links from affecting readers. Hopefully, WordPress has made some of the security features mandatory. That would prevent bloggers from incorporating clickjacked links into their posts.

As people become more aware of this problem, it is likely that companies will continue to search for solutions. That’s why we all need to stay informed about the security issues that might affect us.

Sophos Makes Some Suggestions

April 27, 2011

Sophos, one of the top Internet security firms in the world, has worked with Facebook in the past to make their site safer for users. Facebook, of course, doesn’t always use their suggestions, which might be why Sophos has published an open letter to Facebook on the Naked Security blog.

In the letter, Sophos outlines three suggestions that would make Facebook safer for everyone.

1. Make Privacy the Automatic Default

Facebook users have the option to set their profiles to private, but it’s not the default setting. This offers some benefits to Facebook as a business. Making the profiles more available allows advertisers to target their markets more effectively. The current default, however, also has a negative effect that puts users at risk. Making privacy the default would help eliminate that risk.

2. Vet All App Developers

If you know how to make a simple computer program, then you could make an App for Facebook. Facebook doesn’t really control the content of apps. If there are complaints about one, then they’ll look into the matter, but they don’t make developers submit to any vetting process. That’s dangerous for users, especially those that assume Facebook is taking care of them by scrutinizing the apps.

3. HTTPS Only

Currently, some Facebook pages use HTTP and others use HTTPS. The added -s can mean a lot, especially for those accessing Facebook through unsecured wireless routers. HTTPS sites encrypt information sent by the user. That’s makes it harder for someone else to steal information. It doesn’t make it impossible; but it does provide an extra layer of protection that would deter most small-time hackers from taking information.

Does Facebook have a responsibility to enact these and other security measures to protect its users? Or should users take more responsibility by learning how to keep themselves safe while logged in to Facebook and similar sites?