XSS Attacks Are The Most Popular On Facebook

The biggest social networking site on the web right now is of course Facebook. When you talk to anyone who is not part of the computer world about social networking the first site they are going to think about is Facebook. It is so big there was even a movie made about it recently. So of course when people are trying to meet up online, Facebook is the place where they are going to go to. But since that it is the case, normal computer users are not the only ones that are going to visit Facebook.

The bad guys are going to visit Facebook as well. When there is that large a group of people where they can launch their attacks at then it only makes sense for them to be there. For most of the web attacks that you see, they are only effective when they are able to catch a lot of fish in the net. So to do that, you need a large web site to throw the net at. These days that site is usually Facebook. There are several different ways the bad guys can attack you on Facebook. There are phishing attacks, fake links, and spamming attacks among many others. The one that I am going to focus on in this article is called a XSS attack. In this article I will talk about what that is and how you can stop it from affecting you.

XSS Attacks Are The Most Popular On Facebook

What is an XSS attack?

While you might not know about it, these days on the web there is a pretty good chance that you are going to run into an XSS attack. Sometimes it will attack you and sometimes it will not. It all depends on what browser you are using at the time. Some attacks are made for certain browsers while some attacks will affect all of them.

It is not exactly easy to describe what the attack is exactly but I will try my best to put it in simple terms that everyone can understand. First of all, even though it is known as a XSS attack, it really should be labeled a CSS attack. These letters stand for Cross Site Scripting attack. That is a better description of what the attack is about. Unfortunately the letters CSS are already in use when it comes to web technology, so the person who first reported about CSS attacks decided to label it XSS.

What the attack does is allow a black hat hacker to place code on someone else’s web site. Then when a visitor comes to this web site, they are attacked by this code. The black hat hacker is able to do this through the use of unprotected input forms. When you place your data on a web site such as a user name or password, you do it through the use of an input form. If the input form is not properly guarded then someone else can place different types of text data than is supposed to go into them. Some of that data is malformed JavaScript that can cause your browser to do things that will harm it and you. So this is why it is important for a web site to be protected from these types of attack. Because more than any other attack out there that comes from a web site, it affects your users in very negative ways. And the worst part about it is that if you are the web site owner, you might not even know about the attack. It does not become an issue until your visitors start to complain about it. And they might think that you are the one who set it up.

XSS attacks on Facebook

When we are talking about a web site the size of Facebook, there are going to be many mistakes that is made in the coding of the site. Also let’s add to the fact that there are many third party components of Facebook as well. These third party components consist of apps, groups, advertisers, and many others. All of these can lead to either an XSS attack on Facebook itself or leading you to another web site which will deliver the XSS attack.

This all means that you have to be really careful when you are visiting Facebook. Even though it seems as if it is a large and trusting web site, there are many ways where you may get caught by an attack. This is why you should treat Facebook the same as you do the rest of the web. You should not trust every link that is out there. Even if the link is coming from your friend, you have to remember that they could have fell victim to some sort of attack as well. So make sure you check any link before you click on it no matter where it is from. Also check any groups or apps that you use on Facebook as well. If they seem sketchy or have bad reviews then you might want to skip over them.

While Facebook is an overall great web site, you should still be careful when you visit it. It can be just as dangerous as any other web site on the net.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind