Facebook users subjected to more clickjacking

Facebook users have been subjected to another round of clickjacking attacks that force them to authorize actions they had no intention of approving. The latest episode in this continuing saga, according to Sophos researchers, is a set of campaigns aimed at Italian-speaking users of the social network. The come-ons promise …


This topic is closed for new posts.
  1. Goat Jam
    Paris Hilton

    Thank you for describing how this works

    Unfortunately, I still don't understand how this works, nor what the target result is.

    "they are forced into registering their approval of the videos using Facebook's “Like” button."

    And? Apart from maybe being "forced" to give some sort of approval for a viral marketing video what harm has been done? Do Facebook users by their very nature even know or care that they have done this? After all, these are the same folk who think that they have 600 friends just because other people clicked on "Friend" at some distant time.

    Or am I missing something?

  2. David 45

    Don't join!

    Not joining this trivia site seems to be the ultimate answer. I find that all this "social networking" malarkey leaves me totally stone cold. I really can't see the point of exposing most of your life on the net for it to come back and haunt you in years to come. Kids don't seem to realise what damage it can do. I try and remain fairly anonymous in my web activities because once the genie is out of the bottle (as loads of "prominent" people have found to their cost), that's it - there ain't no way of squeezing it back in!

  3. Anonymous Coward


    A little known language used by people exposed to extremely low temperatures?

  4. Seanmon

    letters and/or digits.

    Getting fed up of the resurgence of sites that insist on javascript being enabled. Time was, you coded your basic functionality server-side and used javascript for a bit of non-essential (although admittedly often useful) bling. When did the web 2.0 babbies decide to abandon this completely sensible practice? Only themselves to blame I reckon.

  5. david 63

    nail head hit

    seanmon. Well said.

    Browser technology has crept well beyond its original design brief without proper consideration of side effects. So now the naive get caught and the wise cripple their browsers.

    The smarter you make the browser apps the more vulnerabilities are introduced. The current iteration of facebook simply doesn't work with noscript on. does though.

    1. Zero Sum
      Thumb Up

      Glimmerblocker for Safari in place of NoScript

      Thanks to "david 63" for the reference to the mobile version of Facebook that seems to work sans scripts.

      For Safari, the NoScript equivalent might be Glimmerblocker, which also can put download links on YouTube pages and do address bar searches for Wikipedia, Amazon, or just about anything else.

  6. John I'm only dancing
    Black Helicopters


    Are they in league with the cybercrims? Or are they cybercrims themselves? I think we should be told.

  7. Jon Massey

    How to stop this?

    I'm assuming that to use the "like" feature you have to be granted an API key from facebook, yet I see no way of reporting these malicious pages to facebook so that said key can be revoked...

  8. dssf

    I suspect that facebook got so many "report" clicks

    that they moved the link or diluted its effect.

    One day, we'll find out that a whole department of a social networking site is filled with or infiltrated by domestic government operatives who plant surreptitious tracking. Hell, they may even be so bold as to openly infiltrate and dare any discoverers to say word one about it. After all, the CIA or FBI infiltrated an AT&T office in San Francisco, but it was outed around 2007 or 2008. It was quite messy. In the end, AT&T vacated that building and it seems to have acquired a toxic stigma. Seems to have been vacant for years.

    Who, besides marketing and cold-sales teams, would benefit the MOST from having unfettered, invisible access to our accounts? You guessed it. Ever wonder what is up when your "friend" count is 1 or 2 higher than the actual images?

  9. Anonymous Coward


    The internet turd. You step in it and it's impossible to clean off.

  10. Teksquisite


    It is not really "clickjacking" anymore since Facebook recently switched to "iframes." The rogue app can be programmed to contain the iframe. Very sleek and a great improvement for cybercriminals over the old clickjacking technique.
