Justin Bieber is a good reason to review your Facebook security

Justin Bieber is a teen heart throb with a clean living image. Therefore I think we can safely assume he’s not to excited about his image being photoshopped  onto porn images now being distributed throughout Facebook thanks to the latest spam attack. I’m sure he’d rather be remembered for his charity funding nail polish product line and catchy tunes like that song Baby. You know the one … Baby, baby, baby, no … baby, baby, baby, oh … Actually, that’s all I know. I think it might be the whole song.

Facebook have acknowledge the spam attack that apparently exploits a browser vulnerability (we are not sure at this stage which browser it is) allowing cross site scripting.  If you want a bit more background on what that means, read this Sophos article about the attack. But in short, users are tricked into pasting some  code (JavaScript) into the address bar which then allows the malicious code to run.

Next thing you know – you’re looking at pornography, and so are your Facebook friends.

Justin Bieber
Justin Bieber

As an adult, you may find this little more than a nuisance. However, despite the 13 year old age limit – there are many children that use Facebook. If you have children that use Facebook, you might want to warn them against cutting and pasting content into the address bar – and this is a timely reminder to keep a close eye on them when they are online. I’m not a child psychologist – but I’m fairly certain pornography is not the best way to introduce children to sexuality!

These sorts of attacks within Facebook should come as no real surprise. There are 900 million Facebook accounts – half of which are active every day. That’s a very juicy target. But perhaps more importantly, Facebook is a social network – so people are there for the express purpose of sharing content. There are competitions, pages to like, pictures to view. Click this, click that.  Its a social engineering opportunity like no other. As Facebook increases it capability to host different types of content – more opportunities will present themselves for criminals to try and exploit.

Most scams are designed to raise money for the scammers, and you can safely assume that the lessons being learned from these attacks will be put into practice for those sorts of attacks later.

In the meantime, NetSafe has a page of tips for staying secure on Facebook. Check them out here.

Be Sociable, Share!

Leave a Reply

Your email address will not be published. Required fields are marked *