by: Mike Close – BBW technician
In the last few days, many Facebook users have been seeing disturbing images ranging from pornographic material to severely abused animals. The images are showing up in users’ news feeds, which are visible by everyone in their friends list. However, it seems the individual person whose news feed displays theses images cannot see the images themselves.
Click on the title above to read more…
Facebook released a statement saying cross-site scripting caused the incident. Cross scripting requires a user to copy and paste a JavaScript code into the address bar of their browser. The code then launches the malicious software, thus producing the images on their news feed. This may, or may not, be the actual cause since IE, Chrome, and Firefox all have built in measures to prevent the pasting of JavaScript in the address bar. So, cross scripting seems unlikely.
Clickjacking is a better explanation of how this issue came to be. Clickjacking essentially means a user clicks on a seemingly harmless link, and the code launches in the background. These type of attacks have been happening on Facebook for years; whether it be a virus, keylogger, or just a simple browser hijacker. The most common links for this type of attack are free giveaways, contests, or sweepstakes entries; but they could also be a news story or even a “Like” button.
A Facebook spokeswoman stated, “we’ve built enforcement mechanisms to quickly shut down the malicious pages and accounts that attempt to exploit it…we have also been putting those affected through educational checkpoints so they know how to protect themselves [and] we’ve put in place backend measures to reduce the rate of these attacks” (http://www.computerworld.com).
Despite where the images originally came from, or what Facebook has done to solve the issue, the main responsibility lies with the users themselves. If you don’t know what something is, don’t click on it. If it looks too good to be true, it probably is. Be careful on Facebook, with over 800 million users it’s a major target for hackers, spammers, and scammers.
Sources:
http://www.computerworld.com/s/article/9221862/Update_Facebook_confirms_nasty_porn_storm
http://nakedsecurity.sophos.com/2011/11/15/facebook-hardcore-porn-violence-and-animal-abuse-images/