Facebook iFrames: Good For Business, Bad For Security?
Legitimate developers will be pleased with the expanded flexibility, but malicious ones will find it easier to introduce malware, security experts warn.
When Facebook made a series of changes to its platform for applications and business pages in February, developers by and large cheered, but some security folks groaned.
- The Untapped Potential of Mobile Apps for Commercial Customers
- The State of Community Management in Social Business
- The Oracle Insurance Survey: Overcoming IT Hurdles to Success
- The Case for Outbound Content Management
- Strategy: Heading Off Advanced Social Engineering Attacks
- Strategy: Building and Maintaining Database Access Control Permissions
I saw Ferguson's post shortly after it appeared and felt inclined to dismiss it, since at the time I was having fun experimenting with the possibilities of iFrame-based integration, including a WordPress plugin that exploits this capability.
But I heard the case against IFrames again last week in a conversation with Perimeter E-Security chief technology officer Andrew Jaquith. "Let's face it, iFrames are basically evil -- they always have been," he said.