“Likejacking” Term Catches On

Posted on June 2nd, 2010 at 12:12 PM by Corey Ballou

Back in late April, following Facebook’s f8 conference, a few articles began trickling out regarding possible security concerns with the new “Like” button. I had, at that time, unknowingly positioned myself as the potential originator of the term “likejacking.” In the comments section of How to “Like” Anything on the Web (Safely), I coined the term like-jacking; seeing a strong correlation between malicious usage of the button and clickjacking.

Little did I know that my term would be on the forefront of a media frenzy, where a plethora of articles would be posted in a matter of minutes regarding the subject. The frenzy can be attributed to the release of two articles from security experts at Sophos regarding the topic:

Facebook Worm – “Likejacking” May 31st, 2010
Viral clickjacking ‘Like’ worm hits Facebook users May 31st, 2010

An entry on Likejacking has made its way to Wikipedia. I urge security experts and web developers alike to please moderate and update the entry as it is in dire need of an overhaul. This will aid in a speedy addition to Wikipedia as well as a thorough, well-documented resource for web users to gain insight on this new security threat.

Please click here to contribute to the Likejacking Wikipedia article

Categories Security
Tags likejacking, web security
Comments 1 comment

Securing Your PHP Sessions

Posted on November 20th, 2009 at 06:57 PM by Corey Ballou

Many, if not all, of you have had to deal with creating a secure site login at some point in time. Although there are numerous articles written on the subject it is painstakingly difficult to find useful information from a single source. For this reason I will be discussing various techniques I have used or come across in the past for increasing session security to hinder both session hijacking and brute force password cracking using Rainbow tables or online tools such as GData. I use the word hinder due to the fact no foolproof methods exist for preventing session hijacking or brute force cracking, merely increasing degrees of difficulty. Choose a method wisely based on your site’s current or anticipated traffic, security concerns, and intended site usage. The following examples have been coded using PHP and MySQL. I more than willingly accept comments, suggestions, critiques, and code samples from readers like you as they benefit the community on the whole. more »

Categories MySQL, PHP, Security
Tags MySQL, PHP, Security, Sessions
Comments no comments

Recent Job Openings

cballou on twitter <a href="http://twitter.com/cballou" class="twitter-follow-button" data-width="100" data-align="right" data-button="grey" data-text-color="#FFFFFF" data-link-color="#52ADDA" data-show-count="false"></a> <script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>

http://t.co/gYyGifoG Sometimes you need to see things from someone else's perspective. Courtesty of NASA. about 1 day ago from Tweet Button
MusicForProgramming() is on compilation #4. I haven't downloaded to listen... is it any good? What kind of music? http://t.co/pteHryGD about 1 day ago from Seesmic twhirl
RT @hackernewsbot: Yale Discovers a Fungus That Eats Plastic... http://t.co/Er9cb3oO about 1 day ago from Seesmic twhirl
@rodnic66 Thanks for the linkage to lean canvas. about 2 days ago from Seesmic twhirlin reply to rodnic66
SSH trick: pipe microphone input of one machine to the speakers of another machine "dd if=/dev/dsp | ssh -C user@host dd of=/dev/dsp" about 2 days ago from Seesmic twhirl

“Likejacking” Term Catches On

Please click here to contribute to the Likejacking Wikipedia article

Securing Your PHP Sessions

Recent Posts

Recent Job Openings

Categories

Recommended Reading

Recent Posts

Daily Reads

Social