- Jan 24, 2011
Security experts fear that the introduction of iframes for Facebook Pages will open the door to even more abuse and will make the job of attackers on the social network much easier.
On Thursday, Facebook announced that Page admins can start creating Page Tabs which load apps inside iframes instead of the more restrictive FBML (Facebook Markup Language).
"[...] You can now build apps that run across Facebook (including Pages and Canvas applications) using the same simple, standards-based web programming model (HTML, JavaScript, and CSS)," Facebook's Nikolay Valtchanov said.
However, while Facebook developers were happy to hear about the changes, some security experts didn't share the enthusiasm.
"While this is no doubt great news for legitimate developers it will undoubtedly make life for those with malicious intent much easier too," notes Rik Ferguson, senior security advisor at antivirus vendor Trend Micro.
"No more likejacking required, no more having to persuade users to install your app, if a criminal can make the bait sweet enough just to get you to visit the page, that is all they will require to start the chain that leads to your computer being compromised and used for criminal purposes," he explains.
Facebook made policy changes to prevent the feature's abuse. But, of course, cybercriminals couldn't care less about terms of service.
More details : link