topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday December 13, 2024, 2:45 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

« previous next »
Pages: [1] • bottom

Author Topic: HTTPS on facebook, FINALLY here  (Read 3655 times)

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
HTTPS on facebook, FINALLY here
« on: February 01, 2011, 02:04 PM »
Facebook finally provided a way to keep any random jerk in the café from hijacking your account. But you have to go out of your way to enable this protection, and you might have to wait. Still: Jump on this.

Facebook has at long last offered an option to use the encrypted "HTTPS" protocol, a feature it will begin rolling out today but won't finish for a "few weeks." You should check now if it's available, and sign up as soon as it is enabled for your account. The performance overhead is minor—zippy Gmail, for example, uses HTTPS for everything—and it's an important step to keep your Facebook account safe from being hijacked on an open or poorly secured wireless network.

By default, Facebook sends your access credentials in the clear, with no encryption whatsoever. Switching to HTTPS is important because a browser extension called Firesheep has made it especially easy for anyone sharing your open wireless network—at cafe or conference, for example—to sniff your credentials and freely access your account. One blogger sitting in a random New York Starbucks was able to steal 20-40 Facebook identities in half an hour. HTTPS solves this longstanding problem by encrypting your login cookies and other data; in fact the inventor of Firesheep made the software to encourage companies like Facebook to finally lock down their systems.

Source

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: HTTPS on facebook, FINALLY here
« Reply #1 on: February 01, 2011, 02:57 PM »
Speaking of HTTPS I wan to suggest HTTPS Everywhere from the Electronic Frontier Foundation. It switches to HTTPS for a lot of sites.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,291
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: HTTPS on facebook, FINALLY here
« Reply #2 on: February 01, 2011, 06:03 PM »
I kind of wonder about the wisdom in releasing code like that. It's not like I'm going to scream "foul" or anything, but it does seem to be somewhat reckless. A screencast really is sufficient. If a company/website does nothing about it, then sure -- I can see releasing the code eventually. It just seems that it's becoming rather common for people to release software that is way too open to abuse.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,778
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: HTTPS on facebook, FINALLY here
« Reply #3 on: February 01, 2011, 06:50 PM »
Speaking of HTTPS I wan to suggest HTTPS Everywhere from the Electronic Frontier Foundation. It switches to HTTPS for a lot of sites.
-housetier (February 01, 2011, 02:57 PM)

I wish they made this for Chrome.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 9,778
    • View Profile
    • Read more about this member.
    • Donate to Member
Re: HTTPS on facebook, FINALLY here
« Reply #4 on: February 01, 2011, 07:26 PM »
HTTPS for Facebook is worthless. All the links redirect you to the insecure http website.
Pages: [1] • top
« previous next »