Softpedia

March 30th, 2011, 13:56 GMT · By

Facebook Deploys Anti-Likejacking Solution

Facebook introduces confirmation for Like
Facebook has implemented a mechanism to block so-called likejacking attacks by requesting confirmation for suspicious Like actions.

Likejacking is a term referring to attacks that employ clickjacking techniques to trick Facebook users into liking rogue pages.

Clickjacking, or user interface redressing as it's known in more technical circles, is a type of attack that exploits legit web technologies to hijack mouse clicks.

This is achieved by making a page element, in this case the Like button, invisible and positioning it over another element that looks innocuous, such as the play button of a web video player.

As a result, users who try to press play will instead end up liking the page without their knowledge if logged into Facebook.

Likejacking attacks were easy to launch because when shown on third-party websites, the Facebook Like button did not require confirmation, something that security researchers have criticized for some time.

According to Chester Wisniewski, senior security advisor at Sophos, that is no longer the case because Facebook introduced a new system that detects suspicious "Like" patterns and enforces confirmation.

"While precise details of how this system detects malicious 'Likes' are not available, I have seen it in action and it follows many of the suggestions we have made," the security expert writes.

In addition, the implementation was done in such a way that it would be very hard for attackers to hide and bypass the confirmation in a similar manner. Clicking a suspicious Like button will now transform it into a Confirm one, which, when clicked, opens a more detailed confirmation request in a pop-up window.

While this is great news and a good step towards protecting users, Facebook still needs to refine the detection. "The technical approach to solving this problem is valid, but Facebook's detection algorithm only seems to work in rare instances. Since the deployment of this technology, I have only seen it trigger in a few likejacking attacks," Mr. Wisniewski notes.
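
As an added illustration (not code from the article, Facebook or Sophos), a page scanner can flag the overlay pattern described above: a cross-origin frame that is both near-invisible and positioned so it can sit over another element. The frame descriptor shape, the 0.1 opacity threshold and the example.* URLs are assumptions made for this sketch.

```javascript
// Added example: heuristic for the overlay pattern (invisible framed widget placed over a lure).
// Frame descriptors are a hypothetical shape, e.g. exported by a crawler: { src, style }.
const OPACITY_FLOOR = 0.1; // assumption: below this the frame is effectively invisible

// Parse an inline style string into a lower-cased property map.
function parseStyle(style) {
  const props = {};
  for (const decl of (style || "").split(";")) {
    const i = decl.indexOf(":");
    if (i < 0) continue;
    props[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return props;
}

// True when the frame source resolves to a different origin than the hosting page.
function isCrossOrigin(src, pageUrl) {
  try {
    return new URL(src, pageUrl).origin !== new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparsable src: nothing to attribute, do not flag
  }
}

// Return the src of every frame that is invisible, overlay-positioned and cross-origin.
function suspiciousFrames(frames, pageUrl) {
  return frames.filter((f) => {
    const s = parseStyle(f.style);
    const opacity = s.opacity === undefined ? 1 : parseFloat(s.opacity);
    const invisible = !Number.isNaN(opacity) && opacity < OPACITY_FLOOR;
    const overlaid = s.position === "absolute" || s.position === "fixed";
    return invisible && overlaid && isCrossOrigin(f.src, pageUrl);
  }).map((f) => f.src);
}

// Constructed sample input (not real sites).
const PAGE = "https://video.example/watch";
const SAMPLE_FRAMES = [
  { src: "https://social.example/widget/like", style: "Opacity: 0; position: absolute; top: 120px" },
  { src: "https://social.example/widget/like", style: "width: 90px; height: 20px" },
  { src: "/player/embed", style: "opacity: 0; position: absolute" },
  { src: "https://ads.example/banner", style: "position: fixed; opacity: 0.9" },
];

console.log(suspiciousFrames(SAMPLE_FRAMES, PAGE));
```

A visible widget, a same-origin player frame and a visible ad frame are all left alone; only the frame combining all three signals is reported.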


