Facebook and HTTPS

A few days ago Facebook started offering the option of completely SSL-encrypted communication. This security feature is disabled by default, so a script kiddie could sniff session cookies and use them to take over other people's Facebook accounts with tools like Firesheep. A well-versed Facebook user, however, can find and enable the option for fully SSL-encrypted communication.

Unfortunately, SSL-encrypted communication does not work with all Facebook apps. If you click on a link to a Facebook app, Facebook asks whether you would like to switch to a "regular connection (http)". If you continue, you land on an unprotected http website (as expected). But in the background Facebook also disables the https option in your account settings without asking again!

The Firefox add-on NoScript (also part of the JonDoFox profile) offers a way to enforce HTTPS. Add Facebook to your list of HTTPS-only domains and HTTPS-encrypted communication with Facebook will never be disabled.
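
The rule an HTTPS-only domain list applies on the client side can be sketched as follows. This is an added example, not NoScript's code: the names `HTTPS_ONLY`, `hostMatches` and `enforceHttps` and the sample URLs are assumptions made here. It shows why the match must happen on a label boundary, so that lookalike hosts are not treated as Facebook.

```javascript
// Added illustration; not taken from NoScript. All names are hypothetical.
const HTTPS_ONLY = ["facebook.com"]; // constructed list of HTTPS-only domains

// True if host is the listed domain itself or a subdomain of it.
// Matching on ".domain" keeps "notfacebook.com" and
// "facebook.com.example.net" out of the rule.
function hostMatches(host, domain) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  return h === domain || h.endsWith("." + domain);
}

// Returns the URL that should actually be requested: upgraded to https
// for listed domains, unchanged for everything else.
function enforceHttps(rawUrl, domains = HTTPS_ONLY) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return rawUrl; // not an absolute URL, nothing to enforce
  }
  if (url.protocol !== "http:") return rawUrl; // already https, or other scheme
  if (!domains.some((d) => hostMatches(url.hostname, d))) return rawUrl;
  url.protocol = "https:"; // path, query and fragment are preserved
  return url.href;
}

// Constructed sample: the kind of plain-http app link described above.
console.log(enforceHttps("http://apps.facebook.com/someapp/?ref=ts"));
```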

