Pfizer seeks full approval of vaccine
Out-of-control Chinese rocket to crash
Jupiter's Legacy review
Mayweather vs. Paul memes
Last-minute Mother's Day gifts
Stimulus check updates
Facebook adds new user security features
Warnings will pop up to block malware attacks, while security codes via text messages can be used for new device log-ins.
Elinor Mills

May 12, 2011 10:02 a.m. PT

This is the type of warning you will see if Facebook detects a type of malware attack that requires user action.
Facebook is launching several new security features today designed to protect users from malware and from getting their accounts hijacked.
First, the site will display warnings when users are about to be duped by clickjacking and cross-site scripting attacks in which they think they are following a link to an interesting news story or taking action to see a video and instead end up spamming their friends.
For example, a scam was circulating yesterday in which Facebook users were inadvertently commenting on what looked like a news site with details of the iPhone 5. Clicking on the link leads to a page with a captcha window and if it is clicked the spam is then spread on a user's Facebook page. Another one was spreading today that urged people to verify their accounts by clicking on something. Facebook was quickly removing those posts.
In cross-site scripting (XSS) attacks, people are often asked to cut and paste Javascript or another type of code into their browser Web address bar in order to see a video or get a free product, for instance. But the code ends up doing something else entirely.
Both types of attacks take advantage of a vulnerability in the Web browser, and Facebook says it is working with the major browser companies to fix the underlying issue. Internet Explorer 9 already has some protections against this in place.
But now, Facebook will display a warning to users if it detects that suspicious activity is going on behind the scenes. To block clickjacking, the site will ask users to confirm their "like" before posting a story to their profile and their friends' News Feeds. And to prevent XSS attacks, Facebook will ask users to confirm that they meant to take the action.
Facebook also is offering two-factor authentication called "Login Approvals," which if turned on will require users to enter a code whenever they log into the site from a new or unrecognized device. The code is sent via text message to the user's mobile phone.
Facebook is now warning users when a link they are clicking on appears to lead to malware.
Finally, Facebook is partnering with the free Web of Trust safe surfing service to give Facebook users more information about the sites they are linking to from the social network. When a user clicks on a potentially malicious link, a warning box will appear that gives more information about why the site might be dangerous. The user can either ignore the warning or go back to the previous page.
The information from Web of Trust, which has rated more than 31 million sites, is in addition to Facebook's internal black list of sites that it blocks users from sharing.
COMMENTS
Malware
Facebook
Cybersecurity
MORE FROM CNET
Stimulus check updates
Upgrade to Windows 10 for free right now
Best VPN service of 2021
The best Wi-Fi routers for 2021
Windows 10 tips and tricks
ABOUT
About CNET
Newsletter
Sitemap
Careers
Help Center
Licensing
POLICIES
Privacy Policy
Terms of Use
Cookie Settings
Do Not Sell My Information
FOLLOW
© 2021 CNET, A RED VENTURES COMPANY. ALL RIGHTS RESERVED.
COVID-19ALL THE BEST PRODUCTS Award winners Best 5G phone Best air purifier Best antivirus Best balance transfer credit card Best cash-back credit cards Best cordless vacuum Best fire pit Best headphones Best laptop Best massage gun Best mattress Best meal kit delivery service Best mesh Wi-Fi Best noise-canceling headphones Best office chair Best online glasses Best Peloton alternative Best printer Best router Best rowing machine Best smart home gym Best speakers Best TV Best TV streaming service Best VPN Best web hosting Best wireless earbuds ALL REVIEWS Appliances Audio Cameras Cars Desktops Drones Headphones Laptops Media Streamers Monitors Networking Phones 5G Phones Printers Smart Home Speakers Tablets TVs VPNs Wearables & VR Web Hosting ALL NEWS 5G Apple Computers Culture Cybersecurity Games Google Internet Microsoft Mobile Sci-Tech Tech Industry MORE Newsletters Now What Photo Galleries Special Features Videos ALL HOW TO 5G Mobility Appliances Computers Gaming Home Entertainment Internet Mobile Apps Personal Finance Phones Photography Security Smart Home Streaming TV Tablets Wearable Tech ALL PERSONAL FINANCE Banking Credit Cards Investing Loans Mortgages Taxes Your Money ALL HEALTH AND WELLNESS Caregiving Dental Care Fitness Nutrition Parenting Personal Care Sleep CNET HOME Home Energy & Utilities Home Internet Home Security Kitchen & Household Smart Home Yard & Outdoors ROADSHOW Reviews Video News Pictures Recalls AutoComplete Carfection Cooley On Cars Car Audio Electric Cars Auto Buying Program BEST CARS Best Affordable Cars Best Crossovers Best Electric Cars Best Family Cars Best Fuel-Efficient Cars Best Hybrids Best Sedans Best SUVs Best Trucks ALL DEALS The Cheapskate Antivirus Deals Identity Theft Protection Deals Mattress Deals Meal Kit Deals Password Manager Deals Pillow Deals Prescription Glasses Deals Tax Service Deals VPN Deals Web Hosting Deals ALL COUPONS Adidas Coupons AliExpress Coupons DoorDash Promo Codes eBay Coupons ExpressVPN Coupons Nike Coupons Office Depot Coupons Overstock Coupons Postmates Coupons Samsung Coupons Staples Coupons Verizon Promo Codes Vistaprint Coupons Walmart Coupons 5G Sign Out English France Germany Japan Korea