
Eric Kerr pointed out on his blog a vulnerability in the Facebook Like button that allows an attacker to trick you into Liking something without your knowledge.
How the attack works:
1. The user navigates to the attacker's page, where the Like button is embedded invisibly.
2. As the user moves the mouse, JavaScript keeps the button beneath the user’s cursor.
3. The user clicks what they believe is a link on the page and “Likes” the attacker’s content instead.
4. The user sees no notification of the Like, which nevertheless results in a News Feed story.
5. The News Feed contains a mention of the attacker.
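
For anyone reviewing a page for this behaviour, the sketch below flags a Like widget that is invisible yet still clickable, or that moves so it always sits under the pointer (steps 1 and 2 above). It is an added example, not code from Eric Kerr's post. The record shape, the 0.1 opacity threshold and the sample data are assumptions, and the `like.php` path is Facebook's iframe form of the button, which the post itself does not name.

```javascript
// Added example: heuristic audit for a hidden, cursor-following Like widget.
// Record shape and thresholds are assumptions made for this sketch.
const LIKE_PATH = "/plugins/like.php"; // iframe form of the Like button

function isLikeWidget(src) {
  try {
    const u = new URL(src);
    return /(^|\.)facebook\.com$/.test(u.hostname) && u.pathname === LIKE_PATH;
  } catch {
    return false; // relative or malformed src: not a Like widget
  }
}

// Invisible to the eye but still able to receive a click.
function isHiddenButClickable(style) {
  if (style.display === "none" || style.visibility === "hidden") return false;
  if (style.pointerEvents === "none") return false;
  return parseFloat(style.opacity) < 0.1;
}

// True when the frame moved between samples yet always contained the pointer.
function tracksPointer(samples) {
  if (samples.length < 2) return false;
  const first = samples[0].rect;
  const moved = samples.some(s => s.rect.x !== first.x || s.rect.y !== first.y);
  const under = samples.every(({ pointer: p, rect: r }) =>
    p.x >= r.x && p.x <= r.x + r.w && p.y >= r.y && p.y <= r.y + r.h);
  return moved && under;
}

function auditFrame(frame) {
  const reasons = [];
  if (!isLikeWidget(frame.src)) return { suspicious: false, reasons };
  if (isHiddenButClickable(frame.style)) reasons.push("hidden-but-clickable");
  if (tracksPointer(frame.samples)) reasons.push("follows-pointer");
  return { suspicious: reasons.length > 0, reasons };
}

// Constructed sample records (not captured from a real page).
const hostile = {
  src: "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test%2F",
  style: { opacity: "0", visibility: "visible", display: "block", pointerEvents: "auto" },
  samples: [
    { pointer: { x: 100, y: 100 }, rect: { x: 90, y: 90, w: 50, h: 20 } },
    { pointer: { x: 300, y: 240 }, rect: { x: 290, y: 230, w: 50, h: 20 } },
  ],
};
const benign = { ...hostile, style: { ...hostile.style, opacity: "1" },
  samples: hostile.samples.map(s => ({ ...s, rect: hostile.samples[0].rect })) };

console.log(auditFrame(hostile), auditFrame(benign));
```

In a browser, the `style` fields would come from `getComputedStyle` and the `rect` values from `getBoundingClientRect`, sampled on successive `mousemove` events.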