Ivybridge_I7 Cyber-Crime Researcher OpSec Premium Member join:2004-06-09 Daytona Beach, FL kudos:2 |
Facebook new SSL encryption, Just a False sense of security?
Facebook HTTPS: False sense of security? by Dennis O'Reilly, February 4, 2011 3:34 PM PST
The rollout of Facebook's new Hypertext Transfer Protocol Secure encryption is about complete. While encryption is a welcome addition to the social network, it is far from a Facebook security panacea. To enable encryption in Facebook, click Account in the top-right corner and choose Account Settings. Select Change next to Account Security to view your current settings. Check the option under Security Browsing (https). You may also want to check "Send me an email" under "When a new computer or mobile device logs into this account" to be alerted to possible unauthorized access to your account.
Read more: » news.cnet.com/8301-13880 ··· D7CfNhT5
Note to this post: I would agree that there is a 'False sense of security' with Facebook because when you enable S.S.L. and then run something like a game App it will automatically disable the encryption. You will then have to go back and re-enable S.S.L., then log off and log back in to have a secure connection again. |
|
therube join:2004-11-11 Randallstown, MD ·Xfinity
·Verizon Online DSL
|
Well you might have encryption, & you might have security, & you might have privacy, but they are not one and the same. People may assign connotations to a word that should not be. (I have no idea what an "app" is, but by use of an "app", it [goes into your FB settings &] disables encryption?) NoScript can Force HTTPS (& even HTTPS cookies, but note that not every site will respond or respond favorably to being forced.) |
|
chrisretusn Retired Premium Member join:2007-08-13 Philippines kudos:1 ·PLDT
|
to Ivybridge_I7
said by Ivybridge_I7:
Note to this post: I would agree that there is a 'False sense of security' with Facebook because when you enable S.S.L. and then run something like a game App it will automatically disable the encryption. You will then have to go back and re-enable S.S.L., then log off and log back in to have a secure connection again.
That, as far as I can tell, is not true. Many apps, particularly third party apps, are not HTTPS enabled and therefore your connection while using that app is not secure. It does not go into your settings and disable the use of HTTPS for your account. In fact Facebook warns you of these non-HTTPS apps and requires that you acknowledge that using the app will be non-secure. In fact all Facebook apps need confirmation on first use. At least all of the ones I have tried. You can back out before committing to the app. You can also turn off apps in your Privacy settings. A lot of questions can be answered using Facebook's help pages. » www.facebook.com/help/ |
|
Cabal Premium Member join:2007-01-21 |
to Ivybridge_I7
Great news, this was a fairly timely response to the Firesheep issue, given their 500 million users. |
|
Ivybridge_I7 Cyber-Crime Researcher OpSec Premium Member join:2004-06-09 Daytona Beach, FL kudos:2 |
to chrisretusn
said by chrisretusn:
That, as far as I can tell, is not true. Many apps, particularly third party apps, are not HTTPS enabled and therefore your connection while using that app is not secure. It does not go into your settings and disable the use of HTTPS for your account.
Clearly that was my point, that third party apps, like CityVille, should also have encryption if they are tied to your Facebook account. As far as disabling SSL, when in encryption, if you go to a third party app like CityVille, yes it will take your account out of S.S.L., then it will disable it completely. You will have to go back into your account and enable S.S.L. again to establish an encrypted session. I just did it with my account, and I had to re-enable S.S.L. after using the CityVille app. Would you call that a "False sense of security"? |
|
VikingBob Premium Member join:2004-06-05 Ste Anne, MB kudos:1 |
Facebook... distracting you with a candy with one hand, while the other hand picks your pocket... |
|
chrisretusn Retired Premium Member join:2007-08-13 Philippines kudos:1 ·PLDT
|
to Ivybridge_I7
OK, I stand corrected. It does indeed turn off HTTPS in your account settings. How is this a false sense of security? Facebook clearly states what it is about to do.
It is your choice to use the app or not use the app.
|
|
therube join:2004-11-11 Randallstown, MD ·Xfinity
·Verizon Online DSL
|
That says it is switching "to a regular connection (http)". Is that just a warning that the link you are to follow is no longer secure (the same as if you navigated away from FB to say, dslreports.com), or is it saying that by clicking the link it will reset your FB settings, (from) https? |
|
Dude111 An Awesome Dude Premium Member join:2003-08-04 kudos:14 |
to Ivybridge_I7
I believe it's a false sense of security YES, just like GOOGLE's SSL: Nothing but crap to get people to do something they wouldn't do otherwise 'cause they think it's private.... |
|
Ivybridge_I7 Cyber-Crime Researcher OpSec Premium Member join:2004-06-09 Daytona Beach, FL kudos:2 1 edit |
said by Dude111:
I believe it's a false sense of security YES, just like GOOGLE's SSL: Nothing but crap to get people to do something they wouldn't do otherwise 'cause they think it's private....
Exactly, once you come back to the Facebook site, it should automatically switch back to S.S.L. for an encrypted session. I really don't want to keep going back and re-enabling the S.S.L. on the account page each and every time I want to play CityVille. This would mean that Facebook's new S.S.L. security is almost self-defeating if you are a lazy person who gets annoyed each and every time they have to re-enable their encrypted session. |
|