Thursday, January 27, 2011

Facebook enhancing security with HTTPS

Facebook announced that it will be rolling out the ability to use HTTPS for communication between your browser and their servers. This comes one day after the Facebook profile of Facebook founder Mark Zuckerberg was compromised.

Previously, Facebook would secure your credentials when authenticating, but would then pass all other traffic over the Internet unencrypted. Simple tools like Firesheep (http://codebutler.com/firesheep) allow hackers to gain access to sites that send data in clear-text after the initial encrypted credentials were secured. Many other sites need to follow Facebook's lead and jump on the SSL bandwagon (twitter.com, gmail.com, flickr.com, etc.).
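The check below is an added example, not part of the original post: from a site owner's side, it walks a recorded sequence of requests and reports which cookies issued without the `Secure` attribute would be carried on later clear-text `http://` requests to the same host. The host `social.example`, the cookie names, and the host-only matching (Domain and Path are ignored) are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return name, attrs


def cleartext_exposures(exchanges):
    """List (cookie, url) pairs where a cookie without Secure rides an http:// request."""
    jar = {}        # (host, cookie name) -> True if the Secure attribute was set
    findings = []
    for ex in exchanges:
        url = urlsplit(ex["url"])
        if url.scheme == "http":
            # A browser withholds Secure cookies here; all others go out unencrypted.
            for (host, name), secure in sorted(jar.items()):
                if host == url.hostname and not secure:
                    findings.append((name, ex["url"]))
        # Record cookies this response sets, for the requests that follow.
        for header in ex.get("set_cookie", []):
            name, attrs = parse_set_cookie(header)
            jar[(url.hostname, name)] = "secure" in attrs
    return findings


# Constructed sample: login over HTTPS, then the rest of the session over HTTP.
SAMPLE = [
    {"url": "https://social.example/login",
     "set_cookie": ["session=abc123; Path=/; HttpOnly",
                    "csrf=xyz; Path=/; Secure"]},
    {"url": "http://social.example/home"},
    {"url": "http://social.example/photos"},
]

# Constructed sample: the same session with the cookie marked Secure and HTTPS throughout.
HARDENED = [
    {"url": "https://social.example/login",
     "set_cookie": ["session=abc123; Path=/; HttpOnly; Secure"]},
    {"url": "https://social.example/home"},
]

if __name__ == "__main__":
    for name, url in cleartext_exposures(SAMPLE):
        print(f"cookie {name!r} sent unencrypted to {url}")
    print("hardened findings:", cleartext_exposures(HARDENED))
```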

Facebook said that over the next couple of weeks everyone will have the ability to activate HTTPS for their profile. As big a step as this is for one of the largest sites on the Internet, the end goal should be to not only have voluntary HTTPS access, but to have a completely secure browsing experience. They need to work out some bugs (pages loading slower, apps not working, etc.), but the vision should be to have end-to-end encryption during the entire session.

People are putting their entire lives on Facebook, and the least they could do is make sure it's secure.
