Tech Made Simple

Hot Topics: Holiday Gift Ideas | How to Fix Bluetooth Pairing Problems | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Facebook Security Update Fixes Firesheep Data Theft

by Steve Morgenstern on February 01, 2011

A nasty security flaw that let anyone on a shared network hijack your Facebook account is finally being fixed.

The breach was identified last October when software developer Eric Butler released a free Firefox extension called Firesheep, reportedly to bring this problem to light. With Firesheep, anyone can browse the activity of other people on the same Wi-Fi network – at your favorite coffee shop, for example -- and even read and write to their accounts. What’s more, using Firesheep doesn’t take any particular skill – it’s a simple point-and-click operation.

Facebook isn’t the only site affected. Amazon, Foursquare, Twitter and Wordpress are also vulnerable, among others. And while Firesheep targets particular web addresses, hackers could use the same technique to intrude on other sites. Only unsecured web browsing is vulnerable to this security flaw—in other words, sites you access via “http” addresses, not “https” addresses, which are encrypted. Product pages at Amazon, for example, are unsecured, but when you log in to your account there, it automatically switches to a secured connection.

Facebook didn’t provide the https option, though, and there was no way for users to enable it themselves. This change is now being implemented. Facebook will start offering a secure connection, but you have to request it. They could (and should) have made it the default choice, but so far, haven’t taken that step.

To enable encrytion for Facebook, go to Account Settings, and under Account Security check the box that says “Browse Facebook on a secure connection (https).” This feature is not yet available on all accounts. Facebook says it will be rolling out the https option to all users over the next few weeks.
Facebook Security setting

Of course, even when this fix is widely available, it doesn’t eliminate the underlying problem. When you’re surfing the web on a shared network, if the web address doesn’t start with “https,” it’s possible someone could be looking over your shoulder.


Topics

Computers and Software, News, Computer Safety & Support, Blog, Facebook


Discussion loading

gravatar

From Mark Nicholson on February 02, 2011 :: 2:20 am


Facebook has been TRYING to deal with the issues at hand, but to what extent? They don’t deal with any of the privacy issues, only affecting the security questions. Can’t wait for Mycube to finally be released… seems like a social network i might be able to entrust my data with

Reply

New Articles on Techlicious

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.