Facebook offers HTTPS encryption

Powered by SC Magazine
 

Sacrifices some of its apps.

Facebook has taken heed of calls to bolster its security, announcing an "opt-in" session encryption feature that temporarily threatens the functionality of many of its apps customers.

"If you've ever done your shopping or banking online, you may have noticed a small "lock" icon appear in your address bar, or that the address bar has turned green," explained Facebook security engineer, Alex Rice, on Wednesday.

"This indicates that your browser is using a secure connection ("HTTPS") to communicate with the website and ensure that the information you send remains private."

Facebook's new security feature comes at a price for both customers and users, according to Rice, which may explain why Facebook had not deployed the feature earlier.

"Some Facebook features, including many third-party applications, are not currently supported in HTTPS. We'll be working hard to resolve these remaining issues," said Rice.

Another cost to users was that encrypted pages may take longer to load. "You may notice that Facebook is slower using HTTPS," Rice warned.

Facebook's opt-in strategy appears to have been aimed at harm-minimisation for its apps customers, with the feature requiring activation via Facebook's Account Settings page.

The new security feature follows concerns raised over Facebook's lack of HTTPS after session hijacking tool Firesheep was released last year. The tool exploited security gaps available when users accessed Facebook from public WiFi hotspots.

Rice recommended users consider enabling the option if they regularly accessed Facebook from, for example, at libraries or coffee shops.

The new feature would be available in the coming weeks while a default encrypted session may be on the cards, according to Rice.

"We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future," he said.

Copyright © iTnews.com.au . All rights reserved.


Facebook offers HTTPS encryption
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 327

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  56%
 
No
  44%
TOTAL VOTES: 135

Vote