We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,953 News Articles

Facebook ups security with HTTPS access

Secure connection blocks Firesheep attack

Facebook is rolling out a more secure way to connect to its website, which will protect users from a widely publicised wireless networking attack called Firesheep.

The social-networking site is starting to let users connect to Facebook using an HTTPS secure web connection, which offers extra assurance that they're connecting to the website that they intend to reach, while also encrypting the data sent between the PC and Facebook.

This encryption makes it safer for people who log onto Facebook in places that have insecure wireless networks. It's easy to sniff unencrypted web traffic on unsecured Wi-Fi networks, so a hacker could walk into a Starbucks, for example, and start stealing information from people who are logged onto the network. Security researcher Eric Butler last year released Firesheep, a Firefox plugin that lets anyone log into a victim's Facebook or Twitter account.

The new HTTPS option will thwart the Firesheep attack, said Roger Thompson, vice president of web threat research with security vendor AVG.

But it won't stop the biggest scams on Facebook. It won't stop phishing, the Koobface worm, or viral scams that entice victims with the promise of interesting videos, but end up trying to sell them paid mobile-phone services, he said.

Over the past few years, consumer websites have begun using more HTTPS in order to make things more secure. It's now used by default on Gmail and it's an option for Hotmail users as well.

Right now, Facebook users will need to change their security settings to turn on the HTTPS option - and it isn't yet available to all users - but the company expects it to gradually become more widespread. "We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon," Facebook said on Wednesday in a blog post announcing the feature. "We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future."


IDG UK Sites

Samsung Galaxy Note 4 release date, price and specs 2014

IDG UK Sites

iPhone 5s review: why the iPhone 5s is still the best phone you can buy in 2014

IDG UK Sites

Passwords don't work: here's four ways to fix them

IDG UK Sites

Developers get access to more Sony camera features