Facebook Rolls Out Encrypted Connections
On Tuesday (Jan. 25), Facebook rolled out a new security feature that allows members to access the site using a secure, encrypted “https” connection, similar to the level of security granted by banks in online transactions.
Using Facebook over a secure connection could thwart “sidejacking” -- hackers’ efforts to crack into your online session by exploiting password-free, unencrypted Wi-Fi networks available in public places such as cafes and airports.
The secure connection is not enabled by default, but can be turned on under the “Account Security” header.
The encrypted-connection option adds to recently unveiled Facebook security measures, including one-time passwords, remote log-out and “social authentication.”
The last of these features requires users to name people who appear in their friends’ photos as a means of verifying themselves as legitimate account holders. It’s a variant of the “captcha” text-recognition system used by many websites to prevent intrusion by software “robots.”
Facebook’s new commitment to security arrived just in time for Data Privacy Day (Jan. 28), an international day of awareness that promotes data privacy.
The secure-login feature came the day after someone exploited an application programming interface (API) error, since patched, to break into and compromise the fan page of CEO Mark Zuckerberg.
Sophos’ Naked Security blog points out that the API error makes the Zuckerberg hack more serious than it initially sounded. The error was presumably present on other public Facebook fan pages – such as that of French President Nicolas Sarkozy, which was hacked last week – and “could have potentially been used for the purposes of phishing, spam and even malicious attack.”
In other Facebook news, there’s an amateurish e-mail making the rounds that informs recipients that their Facebook passwords have been changed “for safety,” and then asks them to open an attachment to learn more. If opened, the file infects users’ computers with a Trojan.




