Security Experts Fear IFrames on Facebook Pages Could Spell Trouble

[Peaches]

Security Experts Fear IFrames on Facebook Pages Could Spell Trouble

On Thursday, Facebook announced that Page admins can start creating Page Tabs which load apps inside iframes instead of the more restrictive FBML (Facebook Markup Language).

"[...] You can now build apps that run across Facebook (including Pages and Canvas applications) using the same simple, standards-based web programming model (HTML, JavaScript, and CSS)," Facebook's Nikolay Valtchanov said.

However, while Facebook developers were happy to hear about the changes, some security experts didn't share the enthusiasm.

"While this is no doubt great news for legitimate developers it will undoubtedly make life for those with malicious intent much easier too," notes Rik Ferguson, senior security advisor at antivirus vendor Trend Micro.

"No more likejacking required, no more having to persuade users to install your app, if a criminal can make the bait sweet enough just to get you to visit the page, that is all they will require to start the chain that leads to your computer being compromised and used for criminal purposes," he explains.

Story here: http://news.softpedia.com/news/Security-Experts-Fear-IFrames-on-Facebook-Pages-Could-Spell-Trouble-183981.shtml