Facebook, the world’s most popular social networking site, is no stranger to the limelight. However, recent headlines weren’t ones it wanted. And that’s because Facebook has been hacked.
To subdue this attack, Facebook says it has taken various steps, including automatically shutting down malicious pages that resulted from the self-XSS exploit, cleaning up infected user accounts, and shutting down “malicious” accounts that were used specifically to launch the attack. The company also claims to have implemented measures in the “back end” to mitigate such threats in the future. It remains to be seen if these efforts will be effective, particularly against new attack variants that are frequently being developed by hackers seeking notoriety or profit.
As an end user, you can take some measures to mitigate risk from such threats:
While not a permanent solution, the suggested security measures can be effective against some variants of XSS attacks.
Additionally, if you run a business where you allow employees to access social networking sites from corporate-controlled devices, consider using security services such as a network firewall that includes Web application threat protection. This can help mitigate application threats, including XSS, by blocking traffic from malicious sources before an attack takes place.
Though XSS vulnerabilities aren’t new, what happened at Facebook serves as a reminder that when engaging on social networks, your account and personal data are vulnerable to application attacks, despite security measures put in place by social network application vendors.
But as outlined in this blog, there are best practices and solutions that can help protect you and your business. By considering adoption of these, you can significantly mitigate some of the risks that have emerged with the surging use of social networking sites.