Posted by: Dan O'Connor
click jacking, clickjacking, facebook
How much further can click jacking on Facebook go?
Right now the main ones that I have seen are working to either gather information (or just a proof of concept) and try to use a browser vulnerability on the redirected page to infect the host.
Another from the Sophos blog tries to get you on a monthly cell plan.
What else could you do?
What about harvesting Facebook passwords? What good is that? Well, I can’t say the number, but I bet there are more people than not who use the same password for everything! You could also use this in research with passwords and combine information such as what people do, age, work history, and geographical location to build a model for what kind of password they would use. Why not?
I could also see targeted spear phishing attacks with click jacking.
Sounds like something fun!