HTTPS on facebook, FINALLY here

ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

(1/1)

Josh:
Facebook finally provided a way to keep any random jerk in the café from hijacking your account. But you have to go out of your way to enable this protection, and you might have to wait. Still: Jump on this.

Facebook has at long last offered an option to use the encrypted "HTTPS" protocol, a feature it will begin rolling out today but won't finish for a "few weeks." You should check now if it's available, and sign up as soon as it is enabled for your account. The performance overhead is minor—zippy Gmail, for example, uses HTTPS for everything—and it's an important step to keep your Facebook account safe from being hijacked on an open or poorly secured wireless network.

By default, Facebook sends your access credentials in the clear, with no encryption whatsoever. Switching to HTTPS is important because a browser extension called Firesheep has made it especially easy for anyone sharing your open wireless network—at cafe or conference, for example—to sniff your credentials and freely access your account. One blogger sitting in a random New York Starbucks was able to steal 20-40 Facebook identities in half an hour. HTTPS solves this longstanding problem by encrypting your login cookies and other data; in fact the inventor of Firesheep made the software to encourage companies like Facebook to finally lock down their systems.

--- End quote ---

Source

housetier:
Speaking of HTTPS I wan to suggest HTTPS Everywhere from the Electronic Frontier Foundation. It switches to HTTPS for a lot of sites.

Renegade:
I kind of wonder about the wisdom in releasing code like that. It's not like I'm going to scream "foul" or anything, but it does seem to be somewhat reckless. A screencast really is sufficient. If a company/website does nothing about it, then sure -- I can see releasing the code eventually. It just seems that it's becoming rather common for people to release software that is way too open to abuse.

Deozaan:
Speaking of HTTPS I wan to suggest HTTPS Everywhere from the Electronic Frontier Foundation. It switches to HTTPS for a lot of sites.-housetier (February 01, 2011, 02:57 PM)
--- End quote ---

I wish they made this for Chrome.

Deozaan:
HTTPS for Facebook is worthless. All the links redirect you to the insecure http website.

Navigation

[0] Message Index

Go to full version