patching and node over-writing policies and procedures. It may also be worth reviewing contractual arrangements to ensure the SLA guarantees adequate security/post-incident protection. The cloud will certainly continue to grow in popularity as a means of providing IT resources to organisations of all types and sizes, in part because the compelling cost, flexibility and scalability benefits it can offer may be judged to outweigh any related risks. But it’s wise to adopt a specialised set of security policies in relation to your use of cloud technologies, to mitigate these and other emerging risks in this swiftly evolving area.
About the author

Michael Jordon is head of research and development at Context Information Security and has 11 years’ experience in the IT security and software development industry. He built the Context App Tool (CAT), which is a web application security tool for performing manual application assessments. He has written papers and presented at various conferences including InfoSec, Black Hat, OWASP and RuxCon and has also released advisories in software products including Sophos, Citrix and Outlook web access.

References

1. ‘Assessing Cloud Node Security’. Context Information Security, March 2011. Accessed Oct 2012. www.contextis.co.uk/research/whitepapers/assessing-cloud-node-security.
2. Jordon, Michael; Forshaw, James. ‘Dirty disks raise new questions about cloud security’. Context Information Security blog, 24 April 2012. Accessed Oct 2012. www.contextis.co.uk/research/blog/dirtydisks.
Spreading fear on Facebook

Danny Bradbury, freelance journalist
Facebook is one of the Internet’s biggest success stories. Started in 2004, the site now has over 900 million users, and an Alexa ranking of 2.¹ No wonder it has been such a target for spammers and other malicious online actors. Facebook is a unique combination of social interaction and software. Attackers use both of these to exploit the site’s users. Scams use a combination of technology and social engineering to fool users into making themselves vulnerable online.
Clickjacking

To take one notable example, Facebook has been one of the biggest targets for clickjacking, a technical attack that can dupe users into clicking hyperlinks that they haven’t seen. Clickjacking works using a transparent layer that is inserted over an element in an HTML page.² The transparent layer can be given attributes including a hyperlink, meaning that when users go to click on the visible element, they are in fact clicking on the hyperlink in the transparent layer. Attackers accomplish this by putting the required elements in an