Yesterday Facebook made some important changes to the way in Facebook Pages, the fan pages set up by brands, bands and even cucumbers could be created.
In the past the tabs which could be added to these pages have been set up in two ways; the first used the Facebook FBML app. This allowed page tabs to be created using static Facebook Markup Language (FBML) or HTML, it wasn’t particularly engaging but it was very simple to use.
So what is the big change? Well Facebook now allow iframes to be included inside Facebook apps on page tabs, meaning that all that Facebook proxying can be avoided. While this is no doubt great news for legitimate developers it will undoubtedly make life for those with malicious intent much easier too.
No more likejacking required, no more having to persuade users to install your app, if a criminal can make the bait sweet enough just to get you to visit the page, that is all they will require to start the chain that leads to your computer being compromised and used for criminal purposes.
Of course Facebook ask their developers to agree to a code of conduct that prohibits such activities, but when it comes to criminals, that’s a bit like taking a driving license away from a joyrider.
I have informed Facebook of this oversight in their new functionality and will update this blog posting if I hear back from them.
Thanks to Stig Edvartsen for his eagle-eyes and Heidi Obschil-Müller for the iframe.