Facebook Applications creating posts with fake delete buttons

Presumably trying to take advantage of the fact that Facebook is always changing and modifying its design, and that people are quick to delete any offensive content, some Facebook apps are starting to create fake delete buttons. What happens is someone receives a post on their Facebook wall full of profanity, written to appear as if the originator is upset with them. The post will even taunt them into wanting to click the delete button, using language to indicate that it's impossible to do. Clicking on the delete button just results in the user receiving an alert/message box telling them "failed to remove" followed by some profanity. The fake post then goes through and reposts the message to all other contacts the Facebook user has. Essentially this acts like a worm and spreads through the social networking website like a plague.

An example of the messages is included below with the names and images blurred out to protect the identities of those involved.

The trick here is preventing these issues. From the look of it, the buttons are inline HTML and JavaScript, which should have been filtered out or at least escaped when received by Facebook on the server side, so that it doesn't turn into valid HTML code that runs in the user's view of the page.

A simple issue that should have never existed to begin with if proper security design was used.
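The server-side escaping described above, as an added example (not code from the original post or from Facebook). The post data and function names are constructed for illustration, and the fake button only raises the "failed to remove" alert mentioned earlier.

```javascript
// Added example: names and sample data are constructed, not Facebook's code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that let text become markup or break out of an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed wall post: the application-supplied body carries its own "Delete" link.
const samplePost = {
  author: 'Example App',
  body: 'You can\'t remove this! ' +
    '<a href="#" onclick="alert(\'failed to remove\')">Delete</a>',
};

// Vulnerable rendering: untrusted fields are concatenated into the page as-is.
function renderPostUnsafe(post) {
  return '<div class="wall-post"><b>' + post.author + '</b>: ' + post.body + '</div>';
}

// Hardened rendering: every untrusted field is escaped at output time.
function renderPostSafe(post) {
  return '<div class="wall-post"><b>' + escapeHtml(post.author) + '</b>: ' +
    escapeHtml(post.body) + '</div>';
}

// List the opening tags present in rendered HTML (simple regex check for this example).
function tagsIn(html) {
  return Array.from(html.matchAll(/<([a-z][a-z0-9]*)/gi), (m) => m[1].toLowerCase());
}

console.log('unsafe tags:', tagsIn(renderPostUnsafe(samplePost)));
console.log('safe tags:  ', tagsIn(renderPostSafe(samplePost)));
console.log(renderPostSafe(samplePost));
```

With the unsafe renderer the post contributes its own `a` element and inline handler to the page; with the escaped renderer the same bytes are displayed as text and only the template's `div` and `b` remain.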

The problem is telling people how to remove it. The trick is using the little X in the corner; however, with the way social networks like Facebook constantly change their design, telling people this is the sure-fire way to do it doesn't work.

Last Updated: 05/12/2011 03:23 AM

Tags and Related Content:

Facebook security issue application XSS delete malicious
