Irregular Expressions

Nov 9 2010   11:52PM GMT

The evolution of Facebook click jacking

Dan O'Connor

How much further can click jacking in Facebook go?

Right now the main ones that I have seen are working to either gather information (or just a proof of concept) and try to use a browser vulnerability on the redirected page to infect the host.

Another from the Sophos blog tries to get you on a monthly cell plan.

http://nakedsecurity.sophos.com/2010/11/09/jetblue-tickets-scam-spreads-via-facebook-jezebel/

What else could you do?

What about harvesting Facebook passwords? What good is that? Well, I can’t say the number, but I bet there are more people than not who use the same password for everything! You could also use this in research with passwords and combine information such as what people do, age, work history, and geographical location to build a model for what kind of password they would use. Why not?

I could also see targeted spear phishing attacks with click jacking.

Sounds like something fun!
