In line with Data Privacy Day this Friday, Facebook announced its rollout of Secure Sockets Layer (SSL) capability for all of its services. Facebook has taken some heat for its lack of SSL support, especially with the release of FireSheep, which we covered here. Facebook does warn that encrypted pages will take slightly longer to load, which is a small price to pay for the added security.
According to the official Facebook post, there should soon be a check box titled Secure Browsing (https) under the Account Security section of Account Settings. This setting specifies that all future connections be redirected to HTTPS. It should be noted that this rollout has just begun and that this option is not yet available to everyone. It may take some time before this option is made available to everyone.
In the absence of the Secure Browsing setting, manually changing the URL to https:// seems to work but with mixed results. The main profile page will successfully load with no problems. Unfortunately, things start to get sketchy from there. Many links are relative and will keep the user in the secure browsing environment. Other links, however, are absolute and remove the protection of SSL. Hopefully, Facebook will fix these issues soon or at least makes it more clear when SSL support is not available.
Facebook also warned that some third-party applications and their own chat functionality currently don’t work if SSL is enabled. Users should be aware of this and take appropriate precautions if they can’t use SSL for those reasons.
Post from: TrendLabs | Malware Blog – by Trend Micro
Facebook Now Officially Supports HTTPS for Users
Full story: TrendLabs | Malware Blog – by Trend Micro
Related Posts
- Facebook announces two-factor authentication
Facebook will be rolling out the two-factor authentication option which, once turned on, will ask users to insert a code when they try to log into the social network from a new device. No details were... - An open letter to Facebook about safety and privacy
Dear Facebook,
As you know, for some years we have been discussing with your security team our concerns about safety and privacy on Facebook.
Every day, victims report to us numerous incidents of crim... - Facebook Users Get Invited to a Spam Event
For sometime now we’ve been reporting threats targeting Facebook users, most of which result in users unknowingly spreading spammy links to their networks. We’ve seen different social engi... - Facebook HTTPS is a Bit More Done…
Our February 23rd post noted that Facebook's SSL "Secure Browsing" preferences had some issues remaining persistent.
There's been some encouraging progress since then, and this is now what happ... - Facebook HTTPS: Is Done Better Than Perfect?
My Facebook account finally provided me with the option to use an HTTPS connection "whenever possible" last week.The option is located under the Account Security section of the Account Setting... - Facebook Stalker Tracker Tool Turns Users into Spammers
Privacy has been one of the major concerns of Facebook users roday, especially as the social network continues to increasingly grow to become a massive directory of personal information. Users are bec... - Facebook flaw allowed websites to steal users’ personal data without consent
A couple of weeks ago two students conducting security research contacted me about a vulnerability which they believed they had found with Facebook.
Rui Wang and Zhou Li said that they had found a vu... - SSCC46 – Egypt, Facebook and HTTPS, FBI warrants and the new MS zero day
This week's Chet Chat took on political overtones as a result of the tense situation in Egypt. Michael Argast and I surveyed the security landscape as we witness a shift from Stuxnet and espionage an... - My 1st St@tus scam hits Facebook users hard, spreads virally
Thousands upon thousands of Facebook users have been hit by a new survey scam spreading virally across the social network.
Messages claiming to be users' first ever Facebook status updates are being ... - Facebook scares users with account protection status warning
Over the last few weeks we have been contacted by a number of members of the Sophos Facebook page, concerned by a message they saw on Facebook, warning them that their account protection was "very lo...
Posted on 30 January 2011. Tags: Facebook, HTTPS, officially, supports, users
