In a recent attack, millions of Facebook users were left exposed to a cross-site scripting vulnerability affecting the user interface of the site's Job page. Among other things, the vulnerability gave the attackers the ability to install malicious software as well as trick users into handing over their credentials through fake logins. The social networking site plugged the hole May 23.
The takeaway is that the same threats plaguing Web 2.0 are amplified on social networking sites. Why? Because these sites rely on the prolific and rapid spread of information between users. And unlike on other pages, malicious software on these sites is bound to be exposed to a high volume of people.
That said, it's safe to say that users can expect more than a poke once these vulnerabilities are detected by attackers. Reflecting the growing Web 2.0 threat, attackers will continue to find and exploit cross-site scripting vulnerabilities on social networking sites. Once these vulnerabilities are exploited, users will generally become the recipients, often unbeknownst to them, of malicious downloaders, such as information-stealing code or keystroke loggers.