Facebook FINALLY allows HTTPS as an option
Thanks to Geek.com for bringing this to our attention.
Some time ago, I did an article on Firesheep and the dangers of using an open Wi-Fi connection.
When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a “cookie” which is used by your browser for all subsequent requests.
It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else.
This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.
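The exposure described above can be checked from the server's own responses. This added example (not from the original post) parses `Set-Cookie` headers and reports which cookies a browser would still attach to a plain `http://` request, i.e. those lacking the `Secure` attribute; the cookie names and header values are constructed for illustration.

```python
# Added example: which cookies set at login would travel in cleartext?
# A cookie without the Secure attribute is attached to http:// requests too,
# so encrypting only the login form does not protect it on an open network.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), attrs

def cookies_sent(set_cookie_headers, scheme):
    """Names of cookies the browser would attach to a request using `scheme`."""
    sent = []
    for raw in set_cookie_headers:
        name, attrs = parse_set_cookie(raw)
        if scheme == "https" or "secure" not in attrs:
            sent.append(name)
    return sent

def exposed_on_http(set_cookie_headers):
    """Cookies that leave the browser unencrypted on any http:// request."""
    return cookies_sent(set_cookie_headers, "http")

# Constructed sample: headers a site might return after an HTTPS login.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Domain=.example.test",
    "session_id_s=def456; Path=/; Domain=.example.test; secure; HttpOnly",
    "locale=en_US; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]

if __name__ == "__main__":
    for name in exposed_on_http(SAMPLE_HEADERS):
        print(f"{name}: no Secure attribute, sent in cleartext over HTTP")
```

Any session cookie this reports should be reissued with `Secure` and the site served over HTTPS throughout, not only on the login page.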
Well, it now appears that at least one of the sites ‘hackable’ by Firesheep, Facebook, is allowing you to use HTTPS to log in to their site by default, as opposed to using something such as Blacksheep or HTTPS Everywhere.
It’s as simple as:
- Log in to your Facebook account
- Go to Account (upper right-hand corner)
- Go to account settings
- Select Account security and click on the check box under Secure browsing.
You are now able to log in to Facebook using HTTPS as a default.
And there’s one more problem solved in the ‘security’ arena. Unfortunately, FB still isn’t the greatest when it comes to security but at least they’re making steps in the right direction.
Thanks for visiting.
~ by Normanomicon on January 31, 2011.