Sunday, April 20th, 2014

Facebook to take legal action against porn spammers: Page 2 of 2

The social network has an impressive security scheme in place. The Facebook Immunity System (FIS), which analyzes 650,000 actions a second, has done a good job of protecting social networkers from malicious and annoying activity directed at their accounts, but it has its flaws.
 
For example, earlier this month, researchers showed how botnets could be created to harvest information from members without being detected by FIS. And, obviously, the latest spam deluge dodged detection.
 
That deluge was based on tricking members into pasting JavaScript code into the address bar of their browsers. The code caused a member to share offensive material with their friends.
 
While praising Facebook's action in cleaning up the mess, one secure browser maker added that problems with self-inflicted JavaScript infections persist on the network. "Facebook has cleaned up most of the offensive content from the recent campaign," noted Mike Geide at the Zscaler blog. "But doing some specific searches I was able to find some examples of this self-inflicted JS injection technique being used on Facebook."
 
"The most common case are Facebook groups that ask you to join and then enter in some JS into your URL bar," he added.

For Facebook members, the lesson here should be axiomatic: don't paste computer code in your browser's address bar.
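The self-inflicted injection described above depends on text that the address bar reads as a `javascript:` URI instead of a location. The following is an added example, not code from the article, Facebook or Zscaler, showing how a paste handler or a moderation filter could recognise such text; the function names and sample posts are constructed for illustration.

```javascript
// Added example (not from the article). Names and sample posts are constructed.

// Return the lowercased URL scheme the way a URL parser would read it:
// leading/trailing control characters and spaces are dropped, and tabs and
// line breaks are removed wherever they occur.
function schemeOf(text) {
  const cleaned = text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

// True when pasted address-bar text would be treated as script, not a location.
function isScriptPaste(text) {
  return schemeOf(text) === "javascript";
}

// Scan a whole post for an embedded javascript: URI and return a short,
// inert excerpt for a moderation queue (null when nothing is found).
// Requiring a non-space character after the colon avoids flagging ordinary
// prose such as "JavaScript: the language".
function findScriptUri(post) {
  const flat = post.replace(/[\t\n\r]/g, "");
  const m = /javascript:\S+/i.exec(flat);
  return m ? m[0].slice(0, 40) : null;
}

// Constructed sample posts.
const samples = [
  "Join the group, then paste this in your URL bar: JavaScript:void(document.title)",
  "java\tscript:void(0)",
  "New to JavaScript: the language is easier than it looks.",
  "https://example.com/photos",
];
for (const s of samples) {
  console.log(JSON.stringify(s.slice(0, 30)), isScriptPaste(s), findScriptUri(s));
}
```

`isScriptPaste` suits a check on the pasted string itself, while `findScriptUri` suits scanning group posts that carry the instruction alongside the code.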