Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Likejacking Attack. Show all posts

Zscaler Likejacking Prevention Tools available for Opera Browser

Along with Firefox, Chrome and Safari, Zscaler Likejacking Prevention is now also available for Opera. You can download it on the official Opera add-on site.

Facebook widgets, including the "Like" buttons, are often used to spread spam and propagate scams. Typically, the scammer creates a page with a fake video player. Users are tricked into clicking on Facebook Like buttons hidden behind a fake Play button. This is called Likejacking, and it's a specific form of clickjacking. The Zscaler tool prevents you from Likejacking attack.

The extension offer 2 primary features:
  • Information about the page: does it contain Facebook widgets? Are these widgets hidden?
  • Protection against hidden widgets: the application requires explicit confirmation from the user when clicking on a Facebook widgets on a suspicious page


The Opera version works the same as the Google Chrome version, with a similar popup to obtain more information about the Facebook widgets on the current page.

Limitations

There is one big limitation in Opera: the extension cannot detect hidden Facebook widgets in frames or iframes. This is due to restrictions in the Opera extension framework, which don't permit frames and iframes to be linked to the top window. Scripts can be injected in frames and iframes, but it is not possible to know which tab they belong to and the background page cannot communicate with the frames and iframes inside a tab.

In practice, 90% of the hidden Facebook widgets I've seen do not use layers of frames and iframes. Zscaler Likejacking Prevention will help users to stay safe from Facebook spam for the majority of spam pages