Facebook Users Vulnerable to Clickjacking

Privacy and security news for Facebook just keeps getting worse. No doubt, thanks in part to its ubiquity, Facebook is quickly becoming the Microsoft of social networking. The latest research shows that not only has certain user information been made available by the site without warning, but additional information can also be harvested with the use of simple clickjacking schemes.

Noted security consultant and researcher Nitesh Dhanjani has discovered that Facebook has changed its policy regarding third-party applications. It used to be that any app or external site would have to be given express permission by a user to access any profile information. Now, according to Facebook spokesman Simon Axten, Facebook is providing apps and services with "implicit authorization" to access "publicly available information."

But Dhanjani's discoveries don't stop there. He told CNET that Facebook accounts could easily be hijacked using clickjacking attacks, which lead users to sites with malicious code and hide a Facebook login page behind other content, such as embedded videos. Fellow researcher Shlomi Narkolayev chimed in, "Using ClickJacking, I also could fool users to click whatever I want: adding me as their friend, delete their account, and even open their camera and microphone."

Axten defended Facebook, telling CNET that such attacks were not unique to Facebook, and that the site had advanced tools to detect and block such malicious scams.

Facebook is a prime target for hackers and malware purveyors, but it's hardly the only one. Jumping ship to Twitter or (shudder) MySpace won't make you safe; only good browsing habits and good malware protection can do that. [From: CNET]
