Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
skathuria

Facebook attacked – again! Is your account at risk?

by Juniper Employee ‎11-21-2011 12:00 PM - edited ‎11-21-2011 12:02 PM

Facebook, the world’s most popular social networking site, is no stranger to the limelight. However, recent headlines weren’t ones it wanted. And that’s because Facebook has been hacked.

 

The hack, or spam attack, now being attributed to the renowned hacktivist group Anonymous, essentially tricked unsuspecting Facebook users into copying malicious JavaScript code into the URL bar of their Web browsers to exploit a cross-site scripting (XSS) vulnerability. The spam included violent and explicit images that flooded users’ newsfeeds for hours. Many of the images were so disturbing that some users decided to deactivate their Facebook accounts altogether.

 

To subdue this attack, Facebook says it has taken various steps, including automatically shutting down malicious pages that resulted from the self-XSS exploit, cleaning up infected user accounts, and shutting down “malicious” accounts that were used specifically to launch the attack. The company also claims to have implemented measures in the “back end” to mitigate such threats in the future. It remains to be seen if these efforts will be effective, particularly against new attack variants that are frequently being developed by hackers seeking notoriety or profit.

 

As an end user, you can take some measures to mitigate risk from such threats:

  • Use a "no script" browser plug-in (http://noscript.net/) that allows JavaScript, Java, Flash and other plug-ins to be executed only by trusted Web sites of your choice (e.g., your online bank).
  • Use a browser with integrated XSS protection such as IE8 or Google Chrome.
  • Avoid sharing personal data like date of birth, home address, or other identifying information in your profile and newsfeed.

While not a permanent solution, the suggested security measures can be effective against some variants of XSS attacks.
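
The self-XSS step described earlier depends on the address bar running pasted `javascript:` text as script. As an added example (not from the original post, Facebook, or any browser's source), this code strips script schemes from pasted text after normalizing it the way a URL parser would; the function names and sample strings are assumptions constructed for illustration.

```javascript
// Added example: names below are hypothetical, not a browser or Facebook API.
// Schemes whose URL body runs as script when entered in an address bar
// (vbscript: applied to legacy Internet Explorer only).
const SCRIPT_SCHEMES = new Set(["javascript", "vbscript"]);
const SCHEME_RE = /^([a-zA-Z][a-zA-Z0-9+.-]*):/;

// URL parsers drop leading/trailing control characters and spaces and remove
// tab/CR/LF anywhere, so "java\tscript:" still parses as "javascript:".
function normalize(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\r\n]/g, "");
}

// Decide what to do with text pasted into an address bar: strip every
// leading script scheme so the remainder is treated as plain text.
function sanitizePaste(text) {
  let rest = normalize(text);
  let stripped = 0;
  for (;;) {
    const m = SCHEME_RE.exec(rest);
    if (!m || !SCRIPT_SCHEMES.has(m[1].toLowerCase())) break;
    rest = normalize(rest.slice(m[0].length));
    stripped += 1;
  }
  return { blocked: stripped > 0, stripped, safeText: rest };
}

// Constructed sample inputs (harmless payloads), not taken from the attack.
const samples = [
  "javascript:alert(1)",
  "  JaVaScRiPt:alert(1)",
  "java\tscript:javascript:alert(1)",
  "https://www.facebook.com/",
  "how do I disable javascript: links?",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", JSON.stringify(sanitizePaste(s)));
}
```

A check that only compares the first eleven characters against `javascript:` misses the mixed-case, padded, embedded-tab and doubled-prefix forms in the samples.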

 

Additionally, if you run a business where you allow employees to access social networking sites from corporate controlled devices, consider using security services such as a network firewall that includes Web application threat protection. This can help mitigate application threats, including XSS, by blocking traffic from malicious sources before an attack takes place.

 

Though XSS vulnerabilities aren’t new, what happened at Facebook serves as a reminder that when engaging on social networks, your account and personal data are vulnerable to application attacks, despite security measures put in place by social network application vendors.

 

But as outlined in this blog there are best practices and solutions that can help protect you and your business. By considering adoption of these, you can significantly mitigate some of the risks that have emerged with the surging use of social networking sites.
