Friday, February 4, 2011

Facebook https

When you do your Internet banking you (hopefully) do so over a secure encrypted connection. Amoungst other things, this ensures that no one else can see what you are doing. Unfortunately, other sites don’t usually do any encryption.

 

Enter Firesheep. This is a free utility anyone can download, install on their wifi enabled machine and basically take over your Facebook connection if you use it an open wifi hotspot like a coffee shop. Have a look at this article for more information on what is possible.

 

One way to thwart such attacks is to use a https (i.e. http with security) when using a service. Problem is most common social networking services don’t support a connection at their end. However, now Facebook does.

 

To enable this go into your Facebook account settings and select Account Security

 

image_2_2A2D3C03

 

Save the setting and then reconnect to Facebook. You should now see that you are connecting via https (i.e. securely).

 

image_4_2A2D3C03

 

Clicking on the security lock (i.e. certificate) shows:

 

image_6_2A2D3C03

 

This means all information sent from your browser to Facebook and back is encrypted and secure.

 

Hopefully it won’t be long before all the other majority sites also go secure. In reality there is no real technical reason why every site can’t be https. However, there are people out there who still really want to see where you browse and they have a fair amount of clout. Don’t forget that you still need to ENABLE this, so do it NOW and you’ll be much safer when you access facebook.

 

Hopefully the first steps to a fully https world!