Slashdot Mirror


Clickjacking Worm Exploits Facebook "Like" Feature

An anonymous reader writes "For the last 24 hours, a series of attacks have exploited Facebook's 'Like' feature through a clickjacking vulnerability. Using subjects such as 'This Girl Has An Interesting Way Of Eating A Banana, Check It Out!' hackers have spread an attack that links to web pages that use invisible iFrames to trick users into saying they like the content. Users are presented with an innocent-seeming web page that says 'Click here to continue,' but clicking at any point on the page publishes the same message to their own Facebook page. Security blogger Graham Cluley says that hundreds of thousands of Facebook users have been hit, and offers advice on how to clean up affected Facebook profiles."

124 comments

  1. Link? by Ecuador · · Score: 5, Funny

    I hate posts without proper links...
    So, who will post the direct link to the girl with an interesting way of eating a banana?

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
    1. Re:Link? by DeadPixels · · Score: 3, Informative

      Warning: This is a clickjacking attempt, obviously, so copy/paste the URL only if you want to see it for yourself. NoScript blocks it for me.

      http://www.mprosperstats.info/bananalike/index.htm?ref=search&sid=dpf-GrMT3GTEEuQTlotyMg.3788977952..1

    2. Re:Link? by alvinrod · · Score: 2, Interesting

      You fool, there is no girl eating a banana. It was all a ruse, a nasty trick designed to play on your insatiable curiosity for the bizarre!

      I know because I tried clicking on it :(

      Reminds me of this bash.org quote.

    3. Re:Link? by hduff · · Score: 1

      So is there a safe link to the banana-eating girl pic? Just asking as a public service since it seems a lot of people want to see it.

      --
      "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
    4. Re:Link? by Low+Ranked+Craig · · Score: 3, Funny

      The banana is a lie!

      --
      I still cannot find the droids I am looking for...
    5. Re:Link? by Anonymous Coward · · Score: 1, Funny

      So, who will post the direct link to the girl with an interesting way of eating a banana?

      I will. Here it is.

      That video's got to be at least 3 years old, and I'm still impressed.

    6. Re:Link? by Anonymous Coward · · Score: 0

      Call me naive, but I'm just floored that an apparently average person could pull that off. Also ... the reaction of the boyfriend is hilarious. The way the expression on his face slowly changes cracks me up!

    7. Re:Link? by DarkOx · · Score: 1

      No the banana is real I assure you; the girl is the lie.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    8. Re:Link? by Dogtanian · · Score: 2, Informative

      Reminds me of this bash.org quote.

      That's a great quote, so I kind of feel like a bastard for spoiling it, but... P2P programs generally recognise identical files by their hash value; so if the guy simply renamed some files that were already out there under their original name, they'd have used his copy for certain parts, even if people didn't search under it for that name.

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    9. Re:Link? by Anonymous Coward · · Score: 2, Informative

      Probably NSFW depending how up tight your boss is:
      http://www.youtube.com/watch?v=It7cHFyms0Q

    10. Re:Link? by Dumnezeu · · Score: 1

      404

      --
      Yes, it's sarcasm. Deal with it!
    11. Re:Link? by Anonymous Coward · · Score: 0

      So is there a safe link to the banana-eating girl pic? Just asking as a public service since it seems a lot of people want to see it.

      I have no idea what the clickjacked link was supposed to be for, but this thread reminds me of this (barely-safe-for-work) Motivational poster featuring... well, if not the girl, then at least it features a girl with a banana.

    12. Re:Link? by Anonymous Coward · · Score: 0

      Actually I think the new term is "bananajacking".

    13. Re:Link? by Lythrdskynrd · · Score: 1

      you see THIS http://i48.tinypic.com/10h8t2p.jpg before you fill in the survey and this http://i47.tinypic.com/260pmpk.png after. essentially it's a screenshot from lamebook.com

    14. Re:Link? by 2obvious4u · · Score: 1

      If it wasn't for the "porn pros" watermark on the video and the title "world's best deep throat" it would be just fine for work. The video itself is safe, it is just a fully clothed blonde eating a very large banana in one bite.

    15. Re:Link? by HolyCrapSCOsux · · Score: 1

      So...
      Couldn't one just find out the hash values of the pieces of the files they are downloading and generate random data until the hash value matches?

      Slow, yes.
      Generating a movie randomly? Priceless..

      --
      0xB315AA8D852DCD3F3DCA578FD2E0BF88
  2. I was afraid to click the link... by Robin47 · · Score: 3, Funny

    after that article.

    1. Re:I was afraid to click the link... by Flea+of+Pain · · Score: 3, Informative

      Flea of Pain like this.

      --
      Do not argue with an idiot. He will drag you down to his level and beat you with experience.
    2. Re:I was afraid to click the link... by MokuMokuRyoushi · · Score: 0

      Considering your (Informative) mod, you're obviously an important enough person to pay my respects. Wilt Thou accept my humble worship?

      --
      Humans are terrible replicators of Godly things.
  3. caterpillar by kervin · · Score: 3, Insightful

    Why does the Slashdot section on worms have a picture of a crawling caterpillar?

    1. Re:caterpillar by Anonymous Coward · · Score: 0

      In the US, a caterpillar crawling in that way is called an inchworm.

    2. Re:caterpillar by WrongSizeGlass · · Score: 4, Funny

      Why does the Slashdot section on worms have a picture of a crawling caterpillar?

      They do it just to bug people ;-)

    3. Re:caterpillar by maxume · · Score: 2, Informative

      If it helps, those are often called inchworms.

      --
      Nerd rage is the funniest rage.
    4. Re:caterpillar by FooAtWFU · · Score: 1

      Why does the Slashdot section on worms have a picture of a crawling caterpillar?

      Because it's cute and fuzzy, obviously. Also, I like pretty butterflies. ./~ <3

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
    5. Re:caterpillar by Tim+C · · Score: 1

      In the US perhaps; I've never heard the term here in the UK - not that I talk about caterpillars very often of course...

    6. Re:caterpillar by SnowZero · · Score: 1

      According to Wikipedia, they are the caterpillar form of the geometer moth, which are commonly called loopers, spanworms, or inchworms. There are apparently 300 varieties in the UK and over 1200 in North America, so it seems to be pretty common both places.

    7. Re:caterpillar by sakdoctor · · Score: 1

      The big hungry inchworm wouldn't have sold nearly so well.

    8. Re:caterpillar by nospam007 · · Score: 1

      In the US perhaps; I've never heard the term here in the UK.

      You got metric, it's the common 2,54cm worm.

    9. Re:caterpillar by clone53421 · · Score: 1

      Pff. Give worms an inch and they’ll take a mile.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  4. NoScript by SlashDPC · · Score: 4, Informative

    Thank you NoScript for stopping this for me. I knew it looked "phishy."

    1. Re:NoScript by bwcbwc · · Score: 4, Informative

      Better yet, use NoScript's ABE facility to block any non-Facebook web page from loading a Facebook page or API. From http://noscript.net/abe/ :

      # This one allows Facebook scripts and objects to be included only
      # from Facebook pages
      Site .facebook.com .fbcdn.net
      Accept from .facebook .fbcdn.net
      Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

      --
      We are the 198 proof..
    2. Re:NoScript by Anonymous Coward · · Score: 4, Interesting

      Here's the line from my unbound.conf that solves all Facebook related problems for me:
      local-zone: "facebook.com." static
      followed by no local-data lines.
      I see "address not found" error messages on lots of web pages: Facebook iframes are freaking everywhere. No more.

    3. Re:NoScript by noncaptusest · · Score: 1

      NoScript rocks. Been using it for a long time and will be for time to come.

    4. Re:NoScript by asdf7890 · · Score: 1

      I've just tried this with the latest NoScript in an otherwise default configuration, and it seems to stop Facebook itself from operating (which depending on your opinion of such things, may or may not be a bad result!).

    5. Re:NoScript by snl2587 · · Score: 2, Interesting

      Reason #1 why I refuse to switch to Chrome.

    6. Re:NoScript by 0100010001010011 · · Score: 1

      About that...

    7. Re:NoScript by Anonymous Coward · · Score: 0

      Because Chrome has no built-in way to whitelist Javascript, or extensions that do the same.

    8. Re:NoScript by Anonymous Coward · · Score: 0

      Thank you for adding the required by law "I USE NO SCRIPT TO I RULE!" smug post.

    9. Re:NoScript by Anonymous Coward · · Score: 0

      Looks like there's a typo in it. I think you need to add the ".com" behind facebook like so:

      Site .facebook.com .fbcdn.net
      Accept from .facebook.com .fbcdn.net
      Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

    10. Re:NoScript by snl2587 · · Score: 1

      Not in a way that isn't a complete pain in the ass for frequent surfing. Plus, it doesn't support deep control or even come close to preventing click-jacking on pages you allow.

    11. Re:NoScript by smcn · · Score: 2, Informative

      A similar technique for Privoxy users can be found here: http://bmearns.net/wwk/view/Privoxy

      By default it only stops cookies. At the bottom of the page it is explained how to block all Facebook access from third party sites.

    12. Re:NoScript by Anonymous Coward · · Score: 0

      Not in a way that isn't a complete pain in the ass for frequent surfing.

      Wrong. Maybe you should use something before, y'know, offering advice.

      Plus, it doesn't support deep control or even come close to preventing click-jacking on pages you allow.

      Deep control is totally unnecessary and only highly slows down page rendering times. Click-jacking is not a concern for (1) semi-intelligent geeks, and (2) Chrome or IE8 users on X-Frame-Options-secured pages (but as always, Facebook is delaying).

    13. Re:NoScript by sdstuart · · Score: 1

      The .com was left off in the "Accept from" list. Try this version with it added, it works for me.

      # This one allows Facebook scripts and objects to be included only
      # from Facebook pages
      Site .facebook.com .fbcdn.net
      Accept from .facebook.com .fbcdn.net
      Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

      --
      My SIG is a P220.
    14. Re:NoScript by asdf7890 · · Score: 1

      Ah, thanks. I did a quick scan for typos but somehow completely missed that one. Your edited version does the trick, thanks.

    15. Re:NoScript by Anonymous Coward · · Score: 0

      You seem to be referencing an obtrusive method of blocking Javascript, and have no idea what clickjacking is.

    16. Re:NoScript by Anonymous Coward · · Score: 0

      If you can come up with a way for non-retards to fall victim to clickjacking, you just might become rich.

      But as it's already a solved problem in all browsers except Firefox, your time is somewhat limited to the length of time it takes remaining websites to incorporate the new HTTP header.

      In fact, this issue is probably even less a concern than seems apparent, as IIRC IE6 would warn about loading an HTTPS page inside non-SSL pages. There goes half of the internet.

    17. Re:NoScript by snl2587 · · Score: 1

      Deep control is totally unnecessary and only highly slows down page rendering times.

      Interesting that you seem to know exactly what my needs are. The primary reason I use NoScript is to block JavaScript beyond page-level. The Chrome feature you're referencing is far too heavy-handed for my needs.

      So going back to the original statement, I'll gladly continue to use Firefox for surfing while I'll keep using Chrome as part of my development toolset.

    18. Re:NoScript by clone53421 · · Score: 1

      Thanks, I’ll be blocking those domains in AdBlock now...

      facebook.com$third-party,domain=~fbcdn.net
      fbcdn.net$third-party,domain=~facebook.com

      That should ensure that content from both domains will work together on the Facebook site itself... I’ll have to wait until I get home to actually test them, though.

      (I knew facebook.com obviously but I also knew there was a 2nd domain that I didn’t remember off the top of my head.)

      Oh, and here’s a freebie (it got used on this page, in fact):

      #a(href*=goatse.)

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    19. Re:NoScript by Anonymous Coward · · Score: 0

      If you have problems with Facebook after using the example above, try using the line "Accept from .facebook.com .fbcdn.net" instead of "Accept from .facebook .fbcdn.net". ;-)

    20. Re:NoScript by Anonymous Coward · · Score: 0

      # This one allows Facebook scripts and objects to be included only
      # from Facebook pages
      Site .facebook.com .fbcdn.net
      Accept from .facebook .fbcdn.net
      Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

      If you have problems with Facebook after using the example above, try using the line
      "Accept from .facebook.com .fbcdn.net"
      instead of
      "Accept from .facebook .fbcdn.net". ;-)

    21. Re:NoScript by clone53421 · · Score: 1

      Strike that, seems that these are the required filters. The ones I posted earlier don’t seem to do anything.

      ||facebook.com^$third-party,domain=~fbcdn.net
      ||fbcdn.net^$third-party,domain=~facebook.com

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
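
Added example, not NoScript's own code: a small evaluator for the three ABE directives posted and corrected in the NoScript subthread above, modelling the semantics the replies describe (a leading dot covers a host and its subdomains; "Site" selects the governed requests, "Accept from" the permitted including origins, and "Deny INCLUSION(...)" the inclusion types refused to everyone else). It lets the posted rule and the corrected one be compared on a constructed bait page; the bait and CDN hostnames are placeholders.

```javascript
// Added example (not NoScript code): evaluate an ABE rule block of the form
//   Site <patterns>  /  Accept from <patterns>  /  Deny INCLUSION(types)
// under the simplified semantics described in the thread.  Top-level
// navigation to the site is never an "inclusion", so it stays allowed.

// Parse the rule text into { site: [...], acceptFrom: [...], deny: [...] }.
function parseAbeRule(text) {
  const rule = { site: [], acceptFrom: [], deny: [] };
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;          // blank or comment
    const m = /^(Site|Accept from|Deny)\s*(.*)$/i.exec(line);
    if (!m) throw new Error('unrecognised ABE line: ' + line);
    const key = m[1].toLowerCase();
    if (key === 'site') rule.site = m[2].split(/\s+/);
    else if (key === 'accept from') rule.acceptFrom = m[2].split(/\s+/);
    else {
      // "Deny INCLUSION(SCRIPT, OBJ, SUBDOC)"; a bare "Deny" denies everything.
      const inc = /INCLUSION\(([^)]*)\)/i.exec(m[2]);
      rule.deny = inc ? inc[1].split(',').map(s => s.trim().toUpperCase()) : ['ALL'];
    }
  }
  return rule;
}

// ".facebook.com" matches "facebook.com" and "www.facebook.com".
// ".facebook" matches neither, which is the typo that broke Facebook for the
// posters above: Facebook's own pages were no longer on the accept list.
function siteMatches(pattern, host) {
  if (pattern.startsWith('.')) {
    return host === pattern.slice(1) || host.endsWith(pattern);
  }
  return host === pattern;
}

// Is a request to destHost, made by a document on originHost (null for a
// top-level navigation), of inclusion type "SCRIPT", "OBJ", "SUBDOC" or "TOP",
// allowed by the rule?
function abeAllows(rule, destHost, originHost, type) {
  if (!rule.site.some(p => siteMatches(p, destHost))) return true; // rule does not apply
  if (type === 'TOP' || originHost === null) return true;          // navigation, not inclusion
  if (rule.acceptFrom.some(p => siteMatches(p, originHost))) return true;
  return !(rule.deny.includes('ALL') || rule.deny.includes(type));
}

// Constructed inputs: the rule exactly as first posted, and the corrected one.
const POSTED_RULE = `
# This one allows Facebook scripts and objects to be included only
# from Facebook pages
Site .facebook.com .fbcdn.net
Accept from .facebook .fbcdn.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)
`;
const FIXED_RULE = POSTED_RULE.replace('Accept from .facebook ', 'Accept from .facebook.com ');

// Can a hidden iframe on a third-party bait page (placeholder host) load a
// facebook.com document?  Both versions of the rule stop this.
function baitPageCanFrameFacebook(ruleText) {
  return abeAllows(parseAbeRule(ruleText), 'www.facebook.com', 'bait.example.invalid', 'SUBDOC');
}

// Can Facebook's own pages still pull scripts from facebook.com and its CDN
// (placeholder CDN host)?  Only the corrected rule permits this.
function facebookStillWorks(ruleText) {
  const rule = parseAbeRule(ruleText);
  return abeAllows(rule, 'www.facebook.com', 'www.facebook.com', 'SCRIPT')
      && abeAllows(rule, 'cdn.fbcdn.net', 'www.facebook.com', 'SCRIPT');
}
```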
  5. Advice by whisper_jeff · · Score: 3, Insightful

    Graham Cluley ... offers advice on how to clean up affected Facebook profiles

    Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

    Just by doing that, internet/computer security would be vastly improved. Once all of our moms and computer-illiterate uncles learn that one little gem, we'll be a long ways towards solving most of the computer-related security issues. Of course there are steps after that to really nail down security but, until people stop clicking on stupid shit, we're fighting a losing battle.

    1. Re:Advice by gEvil+(beta) · · Score: 2, Funny

      Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

      I can't wait till a link from the Idle section turns out to be serving up malware...

      --
      This guy's the limit!
    2. Re:Advice by QBasicer · · Score: 1

      Or rather become rather grumpy and not 'like' anything, or anybody.

      --
      x86, oh yes, I'm pro.
    3. Re:Advice by Anonymous Coward · · Score: 3, Insightful

      The thing about click jacking is you don't have to click on stupid shit. You could be clicking on something entirely legitimate, or so you think.

    4. Re:Advice by Krneki · · Score: 0

      Curiosity kills the cat.

      P.S: Do we have to remind people that this shit works only on M$ platform?

      --
      Love many, trust a few, do harm to none.
    5. Re:Advice by bfields · · Score: 5, Insightful

      Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

      Just by doing that, internet/computer security would be vastly improved.

      Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

      Once a single mouse click on an infected link is enough to propagate the link, it's already game over--the choice of bait is a detail.

    6. Re:Advice by solaraddict · · Score: 1

      Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

      Eh. From what I see, most people are on FB precisely because of it - people seem to like clicking on stupid shit.

    7. Re:Advice by WrongSizeGlass · · Score: 4, Insightful

      Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

      You mean "This New Intel CPU Has A Great New Hologram! Check It Out!" won't work?

    8. Re:Advice by TheRaven64 · · Score: 1

      Does anyone read idle? There was a thing telling me idle was a complete waste of time and not to go there on the front page, so I opened up the preferences thing and made sure it didn't appear on the front page for me. Made Slashdot a lot better...

      --
      I am TheRaven on Soylent News
    9. Re:Advice by vlm · · Score: 5, Funny

      Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

      OK I'm all confused now. Just answer the question, is "Why Apple Is So Sticky" safe to click on or not?

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    10. Re:Advice by mister_playboy · · Score: 1

      In case you haven't noticed, the editors are fond of sneaking Idle articles into the other sections... samzenpus, especially.

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
    11. Re:Advice by fustakrakich · · Score: 1

      Stop clicking on stupid shit.

      Absolutely. Don't click here

      --
      “He’s not deformed, he’s just drunk!”
    12. Re:Advice by Phroggy · · Score: 4, Insightful

      Sometimes, stupid things are funny. I don't live in a bubble, and if my friends think something stupid is funny or interesting, I want to see it, because I care about what my friends think and because I find value in sharing an experience and because it might actually be worth my time.

      I don't have to use Facebook, but it's how a lot of my friends choose to communicate, and my social life is healthier because of it. Many of them aren't geographically close enough to see them in person often, and those that are don't always have a compatible schedule, so Facebook allows me to stay in contact with people I wouldn't otherwise be able to (indeed, I've reconnected with people on Facebook that I haven't seen in over a decade, who are on the other side of the globe).

      I think it's reasonable to expect that when I click a link to a web page, nothing bad should happen to me. In fact, nothing did happen - I'm not sure if that's because Facebook has already blocked this, or my browser has built-in security measures in place to prevent it, or (more likely) the exploit failed due to some bug or incompatibility. I looked at the HTML, saw what it was trying to do, saw that it was malicious, and went no further. That's how I WANT things to work.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    13. Re:Advice by Khyber · · Score: 3, Interesting

      "P.S: Do we have to remind people that this shit works only on M$ platform?"

      iFrame malware isn't *JUST* a Windows issue. Think harder next time.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    14. Re:Advice by Anonymous Coward · · Score: 0

      That would be counterproductive since it isn't remotely true.

    15. Re:Advice by Anonymous Coward · · Score: 0

      Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

      It is, however, much, much harder to create intelligent shit than stupid shit. Which is not to say it's particularly hard to create mildly intelligent shit, it's just so damn easy to create stupid shit these days. Five seconds of randomly reading Facebook will show you what I mean.

    16. Re:Advice by corbettw · · Score: 1

      That would be redundant as Idle is, itself, malware.

      --
      God invented whiskey so the Irish would not rule the world.
    17. Re:Advice by Culture20 · · Score: 1

      Eh. The scammers use "stupid shit" as the bait because that's what works. If "intelligent shit" started attracting the most clicks, they'd start using that instead.

      It is, however, much, much harder to create intelligent shit than stupid shit. Which is not to say it's particularly hard to create mildly intelligent shit, it's just so damn easy to create stupid shit these days. Five seconds of randomly reading Facebook will show you what I mean.

      s/Facebook/\/./
      FTFY

    18. Re:Advice by Anonymous Coward · · Score: 0

      Here. I'll offer the simplest advice you can get: Stop clicking on stupid shit.

      How do you distinguish stupid shit from non-stupid non-shit without going ahead and clicking?

    19. Re:Advice by Vexorian · · Score: 1

      Are you aware of any IQ tests mine could take?

      --
      Copyright infringement is "piracy" in the same way DRM is "consumer rape"
    20. Re:Advice by ObsessiveMathsFreak · · Score: 1

      It's Juicy.

      --
      May the Maths Be with you!
    21. Re:Advice by John+Hasler · · Score: 1

      > I think it's reasonable to expect that when I click a link to a web page,
      > nothing bad should happen to me.

      Why not shorten that to "I think it's reasonable to expect that nothing bad should happen to me"?

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    22. Re:Advice by Anonymous Coward · · Score: 0

      It got me, running chrome on linux.

    23. Re:Advice by antdude · · Score: 1

      Can't you use e-mails, IMs, IRC, etc. instead? I was on Facebook, but was kicked off for using fake data. I did NOT want Facebook to have my real data.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    24. Re:Advice by Anonymous Coward · · Score: 0

      Please, let me offer you some advice:
      stop using Facebook.

    25. Re:Advice by Phroggy · · Score: 1

      Can't you use e-mails, IMs, IRC, etc. instead?

      No, because many of my friends won't use them.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    26. Re:Advice by antdude · · Score: 1

      That sucks. Not even IMs and e-mails -- two common Internet things. Wow. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    27. Re:Advice by clone53421 · · Score: 1

      Not while you’re at work.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    28. Re:Advice by clone53421 · · Score: 1

      I think it's reasonable to expect that when I click a link to a web page, nothing bad should happen to me.

      It partially depends on what your idea of “bad” is. A line gets posted to your news feed saying that you “like” something. That could be mildly embarrassing but it’s not bad to the same degree as getting your computer rooted or stepping off the curb and getting hit by a truck.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    29. Re:Advice by Phroggy · · Score: 1

      That sucks. Not even IMs and e-mails -- two common Internet things. Wow. :(

      Some do use IM, which is fine if they happen to be online at precisely the same moment I am. And they generally can all receive e-mail, but they wouldn't send me e-mail for anything that wasn't really important; for just generally staying in touch it's not the medium of choice.

      I know, it seems crazy, because e-mail is such a huge part of our lives, but the unenlightened see things differently.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  6. Didn't work for me by Phroggy · · Score: 1

    I encountered this on Facebook a few minutes before seeing it on Slashdot. I'm not sure why, but it didn't work for me. Does Safari have any sort of built-in protections against this sort of thing? Or has Facebook blocked it already? Or did it just not work due to a bug somewhere?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    1. Re:Didn't work for me by WrongSizeGlass · · Score: 1

      Does Safari have any sort of built-in protections against this sort of thing?

      It's not MS IE?

    2. Re:Didn't work for me by ducomputergeek · · Score: 1

      I saw it too, and same thing. Safari wouldn't do anything with the click. But I'm running Safari Ad Block, Flash Block, and a couple other plug ins that may have stopped it.

      --
      "The problem with socialism is eventually you run out of other people's money" - Thatcher.
    3. Re:Didn't work for me by Firehed · · Score: 1

      It definitely works in Safari, though it's possible that Facebook has blocked the problem links. That said, check your "my profile" page as it doesn't show up the homepage feed.

      --
      How are sites slashdotted when nobody reads TFAs?
  7. Interesting, but... by Anonymous Coward · · Score: 1, Funny

    This has been going on for weeks, I received three at least two weeks ago. It wasn't that hard to realize it was malicious; my sister doesn't tend to care about how other women eat bananas.

    1. Re:Interesting, but... by twidarkling · · Score: 1, Interesting

      I figured it was probably malicious, but it was from a friend who's usually on the up-and-up, so I jacked up my security temporarily, and clicked. When I got the big white page with "click to continue," yeah, that's confirmation. Not a single one of those is in any way legit. Ever.

      --
      Canada: The US's more awesome sibling.
  8. lol, facebook by netz95 · · Score: 0, Flamebait

    I'm shocked this doesn't happen more often, 95% of facebook's users are complete idiots.

    1. Re:lol, facebook by dsoltesz · · Score: 1

      Yeah... one of my friends, who usually finds entertaining stuff, "liked" the prom dress page. He's intelligent and computer savvy. I'm probably intelligent and even more computer savvy, but the combo of my friend posting that title got me. The real "stupid shit" that folks are clicking is the giant "click here to continue" on the page. That's where common sense says "time to hit the googles if ya really wanna know."

    2. Re:lol, facebook by alvinrod · · Score: 1

      Hell, half of the world's population is below the median for competency. I'd wager more than half is below the mean. This is especially true regarding competency regarding computers and the internet.

      The only reason it doesn't happen more often is that stupidity-exploiting malice seems to be supply limited at this time.

    3. Re:lol, facebook by Anonymous Coward · · Score: 0

      Indeed, some even think that an idea like 'competency' can have a mean or median. Hint: What are units of competency? How do you quantify someone being twice as 'competent' as someone else?

      Hoist by your own petard, methinks.

  9. Re:StoneLion by tomhudson · · Score: 3, Interesting

    If you click on his name, it shows he's one of those social media guys. "Slight" would be an understatement, and understandably - it's his job.

    Plus, Facebook is in the news for its privacy screw-ups. They have less than 3 months left in their deal with the Canadian government to bring their site into compliance with Canadian law (which is what got the whole "Facebook has a privacy problem" thing going 9 months ago, and got other governments to then launch similar probes).

  10. Fix is right here by vlm · · Score: 3, Informative

    and offers advice on how to clean up affected Facebook profiles.

    No problemo, just click right here:

    http://www.facebook.com/group.php?gid=16929680703

    The title is "How to permanently delete your facebook account." Or, is it?

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  11. Re:8===D O: == Muhammad by DeadPixels · · Score: 4, Informative

    The real problem isn't as much of an exploit so much as it is Facebook's platform for cross-site publishing is basically broken. They allow any site to act as the user with no confirmation other than a click, which as we've seen is easy to get via an invisible iFrame that follows the mouse. Aside from revamping the way they handle "Likes" and other such things on other sites, there's not much they can do to "fix" it.
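
Added example, not code from this thread, Facebook or any browser: a model of how a browser applies the X-Frame-Options response header, the site-side framing defence the NoScript subthread above cites as the fix websites were adopting. It asks whether the invisible iframe described in this comment would even load when the framed "like" endpoint sends the header; the bait and endpoint hostnames are constructed placeholders.

```javascript
// Added example (not browser or Facebook code): model the X-Frame-Options
// decision a browser makes before rendering a document inside a frame.  A
// state-changing endpoint served with DENY cannot be loaded in the hidden
// iframe, so the victim's click lands on the visible bait page instead.

// Reduce a URL to the (scheme, host, port) triple used for same-origin checks;
// default ports are filled in so "https://h/" and "https://h:443/" agree.
function parseOrigin(url) {
  const u = new URL(url);
  const defaultPort = u.protocol === 'https:' ? '443' : '80';
  return { scheme: u.protocol, host: u.hostname, port: u.port || defaultPort };
}

function sameOrigin(a, b) {
  const x = parseOrigin(a);
  const y = parseOrigin(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// May a document fetched from frameUrl, whose response carried X-Frame-Options
// value xfo (null when absent), render inside a page whose top-level URL is
// topUrl (null for a top-level navigation)?  Returns { allowed, reason }.
function mayRenderInFrame(xfo, frameUrl, topUrl) {
  if (topUrl === null) {
    return { allowed: true, reason: 'top-level document, header not consulted' };
  }
  if (xfo === null) {
    return { allowed: true, reason: 'no X-Frame-Options header: any site may frame it' };
  }
  const directive = xfo.trim().toUpperCase();
  if (directive === 'DENY') {
    return { allowed: false, reason: 'DENY: framing refused everywhere' };
  }
  if (directive === 'SAMEORIGIN') {
    return sameOrigin(frameUrl, topUrl)
      ? { allowed: true, reason: 'SAMEORIGIN: framed by its own origin' }
      : { allowed: false, reason: 'SAMEORIGIN: framed by a different origin' };
  }
  // Browsers ignore values they do not recognise and allow framing, so a typo
  // in the directive silently removes the protection.  Worth a check in review.
  return { allowed: true, reason: 'unrecognised value ignored: ' + xfo };
}

// Headers a defender attaches to an endpoint (a "like" button, a settings
// form) that should only ever be shown top-level or on its own site.
function framingProtectionHeaders(policy) {
  return { 'X-Frame-Options': policy === 'sameorigin' ? 'SAMEORIGIN' : 'DENY' };
}

// Constructed scenario: a bait page on one host frames a like endpoint on
// another host, and we ask whether the hidden frame would load at all.
const BAIT_PAGE = 'https://bait.example.invalid/index.htm';
const LIKE_ENDPOINT = 'https://social.example/plugins/like?ref=demo';

function hiddenFrameLoads(responseHeaders) {
  const xfo = responseHeaders['X-Frame-Options'] || null;
  return mayRenderInFrame(xfo, LIKE_ENDPOINT, BAIT_PAGE).allowed;
}

// Summarise the three configurations as [label, loads] pairs.
function demoTable() {
  return [
    ['no header', hiddenFrameLoads({})],
    ['DENY', hiddenFrameLoads(framingProtectionHeaders('deny'))],
    ['SAMEORIGIN', hiddenFrameLoads(framingProtectionHeaders('sameorigin'))],
  ];
}
```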

  12. Save the web.. by Anonymous Coward · · Score: 0

    Use lynx.

  13. Problem solved by Anonymous Coward · · Score: 0

    Don't use Facebook, tadah.

  14. New? by Vegan+Cyclist · · Score: 1

    I got hit by this a few weeks ago, there was a similar 'Bet You Don't See...' item to Like. I had the impression it was going to be like the basketball/gorilla video, but it automatically invited all my friends, etc. There was no way (I could see) to not do it once you were sucked in.

    I 'reported' it (although the Facebook 'report' button is entirely inadequate for this), and encouraged the friend I got this from to as well.

    Why is this only coming up now? When I hit that page, it had already sucked in nearly 200,000 people. (i.e., the number of 'Fans'.)

    1. Re:New? by clone53421 · · Score: 1

      If something requires you to “like” it before you’ve even seen it, you should already not like it even one bit...

      P.S.
      This applies to real life in general, not just stupid Facebook pages.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    2. Re:New? by Vegan+Cyclist · · Score: 1

      I didn't... It got me to paste a URL into my browser (which of course I was suspicious of, but d'uh... but it was rather sneaky about it, and I was tired at the time), and then it did its thing.

      I didn't actually ever click 'like', which is part of the problem...and that this is only getting attention now.

  15. Culture20 likes you. by Culture20 · · Score: 1

    I saw a lot of my friends get hit by something just like it, including a rick-roll. Every one of them said they didn't click "like" on the rick-roll site, but it showed up as a like on facebook anyway. Who wouldn't be curious enough to want to click on a "FriendX likes you." link? Thankfully I have a habit of checking the URLs on unusual facebook links. The strange part was there were many different URLs for the "you", so it looked like a "distributed" attack (FB couldn't just search for one URL).

  16. Yep, saw it last night. by dasunst3r · · Score: 3, Informative

    Out of curiosity, I opened the link in a separate browser without my Facebook login. It would then try to do a "security check" in which you have to answer a survey to prove that you're human. Being the smart Slashdotters we are, we know Captchas are how it's done. The main take-away: (1) Hover, look, and think before you click and (2) If the link goes outside Facebook, it is SPAM and should be reported.

  17. Re:8===D O: == Muhammad by RobVB · · Score: 3, Insightful

    There's something everyone can do to fix it for themselves, though: log off when you're done using Facebook. Of course, that makes it harder to tell your little friends about how you "heart" (sorry, Like) various things.

    --
    I'd rather you rationally disagree than irrationally agree.
  18. Re:8===D O: == Muhammad by hduff · · Score: 2, Insightful

    Much simpler to abandon security-plagued Facebook, the Windows 98 of social networking sites (myspace would be the Windows 95 equivalent).

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  19. I think I just got targeted from an ad. by undecim · · Score: 1

    While opening a bunch of feed items (including this one) which included several different websites, I was prompted to download "like.php" which is a kind of thing that happens when websites set bad headers...

    None of my tabs failed to load, so I'm guessing this came from a rogue advert (?)

    I don't have a facebook account though, so I'm not worried.

    --
    The Internet has given stupid people the resources of intelligent people.
  20. Could have been worse... by ArsenneLupin · · Score: 1

    They could have combined it with the "history stealing" exploit, registered domains bananas.com and peaches.com, and picked for each victim the "appropriate" site to like.

  21. SHUTUP! Not Funny. Caterpillars aren't a bug. by Anonymous Coward · · Score: 0

    What qualifies as a bug is known as a Shield insect. A shield insect is somewhat a kind of beetle that has ornate markings on its wing cases, specifically has a sucking mouth-part, may emit a foul odor when bothered, and is as diverse as either specializing in carnivorous acts of stalking prey to even communing with fellow herbivores to suck dry a non-fibrous stem of a plant. Carnivorous varieties of Shield bugs are obviously cannibalistic, while the herbivorous variety commune together like a bunch of stinkin' hippy gypsies. Bugs that aren't a variety of Shield are also seasonally aquatic, such as: Toebiters, Waterboatmen, Backswimmers, and Whirlygigs. The insect that is buglike in that it has a sucking mouth organ but without a Shielding wingcase is the everyday Aphid.

    Look for Shield bugs on Daisies, or maybe Carnations.

    I typed this all by myself, to bug you moaarrrrr.

  22. Related exploit by bbosh · · Score: 1

    It is also worth pointing out another Facebook exploit which allows a page to 'run' Javascript on a Facebook page. It prompts the user to perform certain actions which copy-and-paste a 'javascript:' style URL to the address bar, and to click Enter to execute the Javascript. This also has the potential to spread fast by sharing it with all of your friends. See http://infinity-infinity.com/2010/05/facebook-exploit-social-engineering-javascript-injection/.

  23. He'll be sad when he thinks long and hard about it by Anonymous Coward · · Score: 0

    I wonder what she told him in order for him to become his Sympathy-boyfriend. One does not blow bananas as a talent, it's a business...

  24. Related by Sparton · · Score: 1

    If you think that'll work, you might want a look at this...

    http://www.theonion.com/articles/entire-facebook-staff-laughs-as-man-tightens-priva,17508/

  25. iFrames? by Anonymous Coward · · Score: 0

    An iframe isn't an Apple product. It's an HTML tag. It's iframe.

    1. Re:iFrames? by clone53421 · · Score: 1

      He used lowercase HTML! Burn the heretic!

      Just kidding.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  26. That's no bug! by Anonymous Coward · · Score: 0

    But the hemipteran order goes through incomplete metamorphosis, not complete metamorphosis. So they never have a larval stage that looks anything like that.

    What's that whooshing noise?

  27. This is why I have a separate FF profile for FB by calmofthestorm · · Score: 1

    To solve problems like this. No matter what Mark Z decides to Zuckerpunch my privacy settings into tomorrow or the next time he secretly changes them, or no matter what bullshit he opts me into, the rest of my web browsing (slashdot and wikipedia) will remain separate from FB's braindead "features".

    I already removed almost all my personal info of course, but facebook is simply too big to close completely. It would close off a useful service. Again, it's not that I object to FB trying to make a profit to support a free service, I expect that. It's that I don't like being tricked and worn down into doing things I don't want.

    --
    93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
  28. Re:8===D O: == Muhammad by buchner.johannes · · Score: 1

    and replace it with ... ?

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  29. No more bees? by YrWrstNtmr · · Score: 0, Offtopic

    Cellphone use gets rid of bees? Sweet! I have a couple of ground hives in the yard that need to go.

    The most common suggestion I've gotten - gasoline....:(

  30. Re:StoneLion by Anonymous Coward · · Score: 0

    And if they don't bring their site into compliance with Canadian Law, they get their loli-pop taken away.

  31. I usually.... by hesaigo999ca · · Score: 1

    If you hover first over the web page, you can see what is clickable and what is not; if the whole webpage looks like one big url link to be clicked, then a flag goes up in MY head... so don't click, but I think with javascript there are ways to even eliminate the hover click icon for x, y position and make it available only between the points... I may be wrong though, my javascript is a bit rusty... I think it was an x, y point element you had to set... anyhow... still gives you a heads up if there was no real cover for that click link.

    Anyone in /. get hit by this, would like to get that info if possible...

    1. Re:I usually.... by clone53421 · · Score: 1

      Yes, it’s the cursor CSS style and you don’t really need Javascript unless you want to change it dynamically (i.e. change it to a hand inside a box region while making it a default pointer everywhere else).

      However your rule of “if the whole webpage looks like one big url link to be clicked, then flag goes up in MY head” is rather inadequate because they could just as easily make the sticky iframe only follow your mouse when it’s inside the box region that would normally correspond to the link. I.e. put it in the mouse move event of the <a>, not the entire <body>.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
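      A defender-side counterpart to the sticky-iframe trick discussed above, added here and not part of any commenter's post: the trick only works if the target page can be loaded inside the attacker's frame at all, so the check below reports whether a response's headers (X-Frame-Options, or CSP frame-ancestors, which takes precedence when present) permit framing by a given origin. The origins and header values are constructed samples; ports are ignored for brevity.

```javascript
// Does a frame-ancestors source list permit framerOrigin to embed pageOrigin?
function frameAncestorsAllow(sources, framerOrigin, pageOrigin) {
  const framer = new URL(framerOrigin);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    if (s === "*") return true;
    if (s === "'self'") return framerOrigin === pageOrigin;
    // scheme-source such as "https:" matches any host on that scheme
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framer.protocol === s;
    // host-source: [scheme://]host, where host may begin with "*."
    const [scheme, host] = s.includes("://") ? s.split("://") : [null, s];
    if (scheme && framer.protocol !== scheme + ":") return false;
    if (host.startsWith("*.")) return framer.hostname.endsWith(host.slice(1));
    return framer.hostname === host;
  });
}

// Decide from response headers whether framerOrigin may frame pageOrigin.
// Header names are matched case-insensitively; constructed sample input only.
function canBeFramed(headers, framerOrigin, pageOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // CSP frame-ancestors, when present, overrides X-Frame-Options entirely.
  const csp = h["content-security-policy"];
  if (csp) {
    for (const directive of csp.split(";")) {
      const tokens = directive.trim().split(/\s+/);
      if (tokens[0].toLowerCase() === "frame-ancestors") {
        return frameAncestorsAllow(tokens.slice(1), framerOrigin, pageOrigin);
      }
    }
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return framerOrigin === pageOrigin;
  // No recognised anti-framing header: any site may embed the page,
  // which is exactly the condition an invisible-iframe page needs.
  return true;
}
```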
  32. Re:8===D O: == Muhammad by clone53421 · · Score: 1

    I want to know what domain to AdBlock on 3rd-party websites to block this sort of thing for good. Basically I want to disable all of Facebook’s javascripts that 3rd-party sites are trying to embed. If somebody knows off the top of their head, it’d be very helpful... but if not I guess I’ll have to figure it out myself. I’m not going to install NoScript, so don’t bother telling me to do that.

    Fuck Facebook and its attempted invasion into every other part of my life. I like Facebook just fine but it isn’t an integrated part of my life and I only want to use it in the browser tab that actually has Facebook loaded up. It can keep the hell out of the rest of my tabs; when I want Facebook, I’ll find it – not the other way around.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  33. Re:StoneLion by tomhudson · · Score: 1

    It's not that simple. Several European countries have followed our lead, and if Facebook doesn't comply, they face sanctions - and as we've seen in the news lately, that includes having their plug pulled in various countries, which certainly will affect both their revenue and their valuation.

    What's Facebook worth if Canada, Europe, and chunks of South America all pull the plug? Way less than half, because the "network effect" cuts both ways.

    It opens the doors for competitors that have better privacy policies, and are available in more countries.