
Easily protect yourself from widget jacking
by Niles Nerd

Do you roam with your laptop? Do you use hotspots or guest wireless networks? If you answered yes to both of these questions, then you need to read this. I know what you’re thinking: Another security issue I have to worry about? Everything I’ve done to keep my computer safe still isn’t good enough?

Image courtesy FreeDigitalPhotos.net


Not so long ago we learned of Firesheep, a Firefox extension that makes it easy to hijack the Facebook accounts of strangers who are on the same wireless network as the attacker, such as at a coffee shop offering free WiFi. While the creation of Firesheep caused a good deal of controversy, nobody disputes that it brought necessary security awareness to website users and providers alike. With the rapid adoption of smartphones and tablets and the continued growth of notebook use in public areas, we all need to be aware of the security risks of taking our digital exchanges to the public airwaves.
As Firesheep downloads kept on increasing, and surely a lot of Facebook accounts were indeed compromised, Facebook responded by tightening its security settings and offering an option under Account Security like this:
[Screenshot: Facebook setting to enable SSL]


What Facebook did was SSL-secure its users’ browsing (or at least give them the option to do so).
Widget jacking is a logical evolution of the way Firesheep hijacked Facebook users. While Facebook was able to respond with security upgrades on its own website, it has no control over the code on other owners’ websites, such as sites that embed “Like” links. Those links are embedded lines of code called widgets. Those widgets have never been secured with SSL, making users vulnerable once again to potential hijacking over the airwaves.
We are using Facebook as an ongoing example here, but the weakness is there for all social media widgets, including Twitter, Pinterest, YouTube, etc. Even our own blog includes such widgets.
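For site owners, here is a check for the condition described above, as an added example that is not part of the original post: it lists the social widgets a page would make the browser load over plain HTTP. The host list, the sample HTML and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed widget hosts for illustration; extend the tuple for your own site.
WIDGET_HOSTS = ("facebook.com", "facebook.net", "twitter.com",
                "pinterest.com", "youtube.com")
# Tags whose URL attribute the browser fetches without any user action.
FETCH_ATTRS = {"script": "src", "iframe": "src", "img": "src", "embed": "src"}

class WidgetAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # urljoin resolves protocol-relative URLs ("//host/x") against the
        # page's own scheme, so they count as HTTP on an HTTP page.
        resolved = urlparse(urljoin(self.page_url, url))
        host = resolved.hostname or ""
        is_widget = any(host == h or host.endswith("." + h) for h in WIDGET_HOSTS)
        if is_widget and resolved.scheme == "http":
            self.findings.append((tag, resolved.geturl()))

def insecure_widgets(page_url, html):
    """Return (tag, url) pairs for social widgets fetched over plain HTTP."""
    audit = WidgetAudit(page_url)
    audit.feed(html)
    return audit.findings

# Constructed sample page, not taken from any real site.
SAMPLE = """
<html><body>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<iframe src="//www.facebook.com/plugins/like.php?href=example"></iframe>
<script src="https://platform.twitter.com/widgets.js"></script>
<img src="http://static.example.org/logo.png">
<a href="http://www.youtube.com/watch?v=x">a plain link, not fetched automatically</a>
</body></html>
"""

if __name__ == "__main__":
    for tag, url in insecure_widgets("http://blog.example/post", SAMPLE):
        print(f"<{tag}> loads {url} without SSL")
```

Serving the same page over HTTPS clears the protocol-relative iframe, while the widget with a hard-coded `http://` address is still reported.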

The good news is that you can protect yourself from widget jacking very easily by following these steps:

  1. From your laptop’s browser, visit www.disconnect.me
  2. Click on the Get Disconnect button:
    [Screenshot: the Get Disconnect button]
  3. Follow the on-screen instructions and restart your browser

The above browser extension is free and available for Firefox, Chrome and Safari. Your public hotspot visits are now safe from social media widget jacking! Enjoy.
