Social media privacy issue awareness

Social Media Widget Jacking Issue

Most of us roam with our laptops and use hotspots or guest wireless networks. If you do, you need to read the following. Yes, another security issue to worry about! Staying safe and secure online is a constant game of cat and mouse.

A while ago there was an extension for Firefox (a third-party internet browser) that could easily hijack the Facebook accounts of strangers on the same Wi-Fi network, such as a hotspot or guest wireless network. To quote Wiki: “Firesheep is an extension for the Firefox web browser that uses a packet sniffer to intercept unencrypted cookies from websites such as Facebook and Twitter. As cookies are transmitted over networks, packet sniffing is used to discover identities on a sidebar displayed in the browser, and allows the user to instantly take on the log-in credentials of the user by double-clicking on the victim’s name”.

With the continued growth of smartphones and tablets and the increase in users working in public areas, everybody needs to be aware of the security risks associated with working in public spots.

A lot of Facebook accounts were indeed compromised. Facebook then responded by tightening its security settings and offering an SSL option under Account Security (as discussed in a previous blog post). At the time of writing this is still optional, so I would assume that most accounts still don’t have this security feature enabled.

Widget jacking is a logical evolution of Facebook account hijacking. Facebook has no control over the code behind other websites that embed “Like” links. Those links are embedded lines of code called widgets. Those widgets have never been secured with SSL, making users vulnerable once again to potential hijacking over the airwaves. This weakness exists for all social media widgets, including Twitter, Pinterest and YouTube, not just Facebook as mentioned in this narrative.
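As an added illustration (not code from the original post), a site owner can check their own page markup for social widget embeds that would be fetched without HTTPS. The host list, the function names and the sample HTML are constructed assumptions.

```javascript
// Added example: audit page markup for social widgets fetched without HTTPS.
// Assumption: these are embed domains for the services the post names.
const WIDGET_HOSTS = [
  "facebook.com", "facebook.net", "twitter.com",
  "pinterest.com", "youtube.com",
];

// True when host equals a listed domain or is a subdomain of it.
function isWidgetHost(host) {
  const h = host.toLowerCase();
  return WIDGET_HOSTS.some((d) => h === d || h.endsWith("." + d));
}

// Returns [{tag, url, reason}] for every script/iframe/img/link element whose
// src or href resolves to a widget host over plain HTTP. pageUrl is the
// address the page itself is served from; it decides how protocol-relative
// ("//host/path") references resolve.
function findInsecureWidgets(html, pageUrl) {
  const findings = [];
  const re = /<(script|iframe|img|link)\b[^>]*?\b(?:src|href)\s*=\s*(["'])(.*?)\2/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let url;
    try { url = new URL(m[3], pageUrl); } catch { continue; } // skip unparsable values
    if (!isWidgetHost(url.hostname) || url.protocol !== "http:") continue;
    const reason = m[3].startsWith("//")
      ? "protocol-relative URL on an HTTP page"
      : "explicit http:// URL";
    findings.push({ tag: m[1].toLowerCase(), url: url.href, reason });
  }
  return findings;
}

// Constructed sample markup (not taken from any real site).
const SAMPLE_HTML = `
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script src="//platform.twitter.com/widgets.js"></script>
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<script src="http://cdn.example.org/app.js"></script>`;

for (const f of findInsecureWidgets(SAMPLE_HTML, "http://blog.example.org/")) {
  console.log(`${f.tag}: ${f.url} (${f.reason})`);
}
```

Serving the page itself over HTTPS clears the protocol-relative finding, but the explicit `http://` embed has to be changed in the markup.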

I personally only ever click on “likes” within Facebook, and only on my own friends’ pages. Again, personally, I disable any third-party apps/sites access to my Facebook account.

I also never use my own Facebook account to log in to other websites, because if my Facebook account were ever compromised, the hacker could gain access to numerous other sites. It may be convenient, but using one account to log in to multiple sites certainly poses more of a risk.