Facebook administrators have blocked a clickjacking exploit that displayed images of a scantily clad woman on profile pages without first prompting the user for permission.
The Register reports that the attack began when a victim encountered the image of the near-naked woman on a friend's profile page along with the words "Want 2 C something hot? Click da button, baby!" Facebookers who took the bait - and were logged in to their accounts at the time - found their profile pages were updated to include the same image. The more people who fell for the come-on, the more the come-on was presented to new potential victims, giving the attack a viral quality.
Researchers who first spotted the ruse attributed it to a CSRF, or cross-site request forgery, vulnerability on Facebook's site. A spokesman for the social networking site disputed that explanation, saying the attack was really the result of clickjacking.
"This problem isn’t specific to Facebook, but we’re always working...
Sex sells Facebook attack
The Register reports that the attack began when a victim encountered the image of the near-naked woman on a friend's profile page along with the words "Want 2 C something hot? Click da button, baby!" Facebookers who took the bait - and were logged in to their accounts at the time - found their profile pages were updated to include the same image. The more people who fell for the come-on, the more the come-on was presented to new potential victims, giving the attack a viral quality.
Researchers who first spotted the ruse attributed it to a CSRF, or cross-site request forgery, vulnerability on Facebook's site. A spokesman for the social networking site disputed that explanation, saying the attack was really the result of clickjacking.
"This problem isn’t specific to Facebook, but we’re always working...
Sex sells Facebook attack