Facebook moves all users to HTTPS for added security

The move adds a layer of encryption to data transfer, making the information harder for attackers to see
  • Jared Newman (PC World (US online))
  • 20 November, 2012 21:27

Just in time for holiday travels, Facebook is moving all users to HTTPS connections to help block attacks over Wi-Fi networks.

HTTPS is a secure version of the Hypertext Transfer Protocol, the essential method your browser uses to connect with websites. At the expense of a little speed, it adds a layer of encryption to data transfer, making the information harder for attackers on the same wireless network to see.

Without HTTPS, gathering information over a local network is surprisingly simple. Packet sniffers such as Firesheep and FaceNiff are designed specifically for this purpose, and require very little technical know-how. Indeed, these tools caused a bit of a stir when they first emerged, because they made it so easy to discover other people's login details or other sensitive information over standard HTTP connections.

As a result, more Web services have adopted HTTPS, beyond just financial institutions and e-commerce sites. In 2010, Gmail made HTTPS the default for all users. Twitter did the same this year.

Facebook added HTTPS as an option last year, but at the time, many third-party apps didn't support the protocol. All apps have since been required to support HTTPS, and now Facebook is rolling out the added security measure to all users.

Encryption does add load time to Web pages, so there is a small tradeoff of speed for security. For that reason, users will have the ability to opt out of HTTPS in their account settings, according to TechCrunch.

To see if the site you're on is using an HTTPS connection, just look at the address bar. For Facebook, you should see https://www.facebook.com if the connection is secure.

For added security on other sites, Chrome and Firefox users can install the HTTPS Everywhere add-on. This will automatically activate HTTPS on sites where it's supported but not activated by default. If you're worried about virtual creepers, it could come in handy during holiday travels as you're bouncing between public Wi-Fi hotspots.
