facebook likejacking attack | facebook Deploys Anti-Likejacking Solution
Likejacking term originated from facebook. It's a kind of clickjacking technique to trick facebook users into liking pages. This is achived by making the like button invisible and placing it over another element that is most likely to be clicked by users such as play button of a video player. As a result, users who try to press play will instead end up liking the page without their knowledge if logged into Facebook.
Likejacking attacks were easy to launch because when shown on third-party websites, the Facebook Like button did not require confirmation, something that security researchers have criticized for some time.
But now facebook has implemented a new mechanism to block likejacking attack by requesting confirmation for suspicious like action. Clicking a suspicious Like button will now transform it into a Confirm one, which when clicked, opens a more detailed confirmation request in a pop-up window.
Likejacking term originated from facebook. It's a kind of clickjacking technique to trick facebook users into liking pages. This is achived by making the like button invisible and placing it over another element that is most likely to be clicked by users such as play button of a video player. As a result, users who try to press play will instead end up liking the page without their knowledge if logged into Facebook.
Likejacking attacks were easy to launch because when shown on third-party websites, the Facebook Like button did not require confirmation, something that security researchers have criticized for some time.
But now facebook has implemented a new mechanism to block likejacking attack by requesting confirmation for suspicious like action. Clicking a suspicious Like button will now transform it into a Confirm one, which when clicked, opens a more detailed confirmation request in a pop-up window.
0 comments:
Post a Comment