Facebook now SSL-encrypted throughout
The Facebook social networking site now offers secure data transmissions via SSL, not only during log-in, but also for all its other pages. This means that even cookies are now transmitted in encrypted form and can no longer be read and exploited for fraudulent activities by attackers using such tools as Firesheep.
With this move, Facebook has further expanded its user security, after already introducing single-use passwords via SMS text messages and improved account control options in mid-October 2010.
To access all pages via SSL, users must manually enable the HTTPS option in their Facebook account settings. However, the SSL activation has one drawback: it doesn't work with all third-party Facebook applications. In the coming week, Facebook plans to offer the option to all its users worldwide. While users in the US already have access to the option, it was not yet available for UK or German user accounts when tested this morning (Thursday).
The switch began a day after an unknown user posted a message to Mark Zuckerberg's Facebook fan page. The post gave the impression that Zuckerberg is thinking about new sources of income and that he is contemplating turning Facebook into a "social business". Speculations that the hacker managed to access Zuckerberg's account via a weak password have not been confirmed. According to Facebook, a vulnerability allowed attackers to post messages to other accounts. The problem has reportedly been fixed.
- Microsoft responds to Firesheep cookie-jacking tool, a report from The H.
- Firesheep cookie-jacking tool triggers arms race, a report from The H.