Facebook continues to become more and more popular every year. Individuals, businesses and the entertainment industry have latched on to the popularity and are reaching millions of users every day. As with any website, however, Facebook has had an issue with hacking, viruses, phishing and malware. Facebook is particularly a dangerous place to have your account hacked because of the wealth of personal information that is available on that page about those who are regular Facebook users. Recently, a security firm was hired by Facebook to find holes in their security, after all, it is in their best interest to keep their users information safe.

Break Security found several dangers linked to cross-site scripting holes. These are essentially “pathways” that connect a user’s Facebook page with other websites. One issue was in the Facebook Chat window where attackers could send messages to users that weren’t checked by Facebook protocols. They do this by disguising JavaScript commands to links they put in code-form into the links. It’s common that they would add a message as well geared specifically for the user.  A message like, “Stop Animal Abuse in [your city] Now!” Sign this petition. Once the animal lover clicks on the link, it would cause href parameters to be inserted into their computer or network.

Another problem was in the “Check In” service, a feature of Facebook where users can announce to their friends online where they are at any given time. The hackers created locations, inserting JavaScript code into the settings of that location. When Facebook users checked in to that location, it would execute an XSS code that would embed itself into their computer. The last problem they found was with the “pathway” between Facebook and Messenger, the Windows IM program. Hackers created fake Facebook pages (with JavaScript code as part of the page name) and sent Instant Messages to many users who were infected as soon as they logged on to Messenger.

You can follow any responses to this entry through the RSS 2.0 feed.