Facebook has said that it has banished the majority of pornographic and violent images that flooded the world's biggest social network as part of a spam attack.
The social network blamed a vulnerability in its browser technology and claimed that it is improving its security system to better defend against similar attacks in the future.
Some people had suggested that the Anonymous hacking group was behind the flood of images appearing in users' news feeds, which included photoshopped images of celebrities, such as teenage singer Justin Bieber, in sexual positions, and photos of mutilated animals.
However, a source told BBC News that Facebook knows who was responsible for the spam, and confirmed that it was not a member of Anonymous.
The BBC said that Facebook's legal department is now looking into taking action against the suspected hacker.
Facebook said that the "co-ordinated spam attack" was made possible by a "self-XSS vulnerability in the browser".
The firm said that users "were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content".
It confirmed that "no user data or accounts were compromised during this attack".
"We've built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it," the firm added in a statement.
"We have also been putting those affected through educational checkpoints so they know how to protect themselves. We've put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defences to find new ways to protect people."
Facebook also advised users to never copy and paste "unknown code" into their address bars, and always report any suspicious behaviour or links on their accounts to Facebook.
Chester Wisniewski, a senior security advisor at Sophos, warned that the browser vulnerability could be used against other websites and social networks beyond Facebook.
In a post on his company's blog, Wisniewski wrote: "Facebook has a reputation for maintaining a reasonably family-friendly environment and most Facebook users don't expect dead dogs and penises showing up on their wall.
"Hopefully whichever browser it is that has the flaw will provide a fix ASAP, but as we know most people are slow to apply updates regardless of which browser they use (except [Google] Chrome).
"The flaw being exploited could likely be used against other sites as well if users can be tricked into pasting malicious JavaScript into the browser."