Nine Threats Targeting Facebook Users - Slide 3


According to, all versions of Internet Explorer running on any variant of Microsoft's Windows operating system are at risk of a flaw, dubbed "cookiejacking," in which a user is tricked into copying the text of the cookie file and sending it off to the attacker. The attack could let hackers impersonate victims on password-protected websites, like Facebook and Twitter. However, that attack requires the gathering of bits of information from the unsuspecting user:

First off, the targeted cookie has to be for a site that the user is actively logged into in order for the exploit to have any meaning. The attacker also has to know the target's Windows username as well as the operating system the user is running in order to locate the cookie file itself.

Microsoft is downplaying the flaw, which was discovered by Italian researcher Rosario Valotta. Computerworld quotes Jerry Bryant, group manager with the Microsoft Security Response Center, as saying:

Given the level of required user interaction, this issue is not one we consider high risk in the way a remote code execution would possibly be to users ... In order to possibly be impacted, a user must visit a malicious website and be convinced to click and drag items around the page in order for the attacker to target a specific cookie from a website that the user was previously logged into.

The marriage between social networking and social engineering could be one of the top security threats in 2011. Social engineering is hardly a new issue, but as social networking becomes more mainstream both in the home and in business, it follows that the bad guys will do whatever they can to stay one step ahead of users.

According to the folks from Zscaler:

Attacks on end users virtually always involve social engineering – a user must be convinced to visit a web page, open an attachment, etc. Spam email has valiantly served this purpose for many years, but just as everyday users are migrating away from email and toward social networks such as Facebook and Twitter for communication, so too are hackers. This is far from a bold prediction as attackers have been abusing social networks since they first came online. For example, XSS vulnerabilities on Twitter have been used to push malicious tweets, while Likejacking has emerged on Facebook as a means of promoting malicious profiles.

Social engineering schemes will be like this one Sue Poremba stumbled across at

Some colleagues are reporting a phishing expedition to identify and engage Information Operations experts on LinkedIn. They’ve reported invitations from “George W.” who purports to be “Colonel Williams”, an “IO professional” in the DC area.

Invitations, with a number of wording variations, have been received by a number of active duty IO personnel recently. Investigation by several others has shown that the profile is for a nonexistent person.

In Sue’s own professional network, a person was friending everyone, yet no one knew him. Despite that, over 40 people clicked the accept button, so it looked like they had a wide circle of mutual friends. Turns out, the person was a scammer and his account was quickly deleted from the social network. Who knows what his intent was, but it appears he was taken care of before he could do damage. Sue expects to come across many more situations like that in the coming year.

This slideshow features some of the most recent attacks targeting Facebook users.
