ZDNet: Facebook says it has made changes which will shut down the clickjacking attack that caused many user profile pages to display porn or violent images. It blamed the problem on a browser flaw that allowed cross-site scripting attacks. The company says that it knows who was behind the attack; other media reports say that the hacktivist group Anonymous did not orchestrate the attack.
Facebook said that “no user data or accounts were compromised during the attack.” Security experts say that users can avoid attacks like this by not cutting and pasting code that doesn’t appear to be a URL into their browser bars.