[Joinee Hathorn]

Apparently...

"Facebook has changed and said nothing (again). Take a look at your URL (top box on your screen.) If you see "http" or just "www", instead of "https", you DO NOT have a secure session & can be hacked. Go to Account Settings - Click Security on the left top corner - click Edit next to Secure Browsing, Check box, click Save. FB has automatically set it on the non-secure setting! Do everyone a huge favor, copy & re-post"

Someone with more web-security knowledge can probably help confirm, but I made my changes.

[Rachel Rose]

It's kind of nerdly magical watching the change from http to https.


Thank you, Noel.

[Joinee Marcus]

As with pretty much everything that contains the words "copy and re-post", this is a bit of a lie. Although yes, technically HTTPS is a more secure way of browsing, there's nothing wrong with good ole HTTP. As well as this, simply changing to HTTPS browsing does NOT mean you're hack-proof. Your facebook password will be sent in an encrypted form HTTPS or not, and there's really no need to change anything. You're safe enough as is.

Think of it this way - you've been surfing the join-me forum for ages under HTTP, with no problems at all.

See http://www.hoax-slay...-browsing.shtml Makes more sense than I do.

This post has been edited by Joinee Marcus: 16 November 2011 - 11:12 PM

[Captain K]

Also bear in mind that if you're on a limited internet connection where you have a monthly bandwidth allowance, encrypted pages over HTTPS will be considerably larger than Facebook's already chunky, script-filled pages.

[Joinee Hathorn]

I did wonder if that was the case...

[Lethal Biddle]

The S stands for sodomy.

True fact.

[Au Joinee Rory]

Joinee Marcus, on 16 November 2011 - 11:12 PM, said:

As with pretty much everything that contains the words "copy and re-post", this is a bit of a lie. Although yes, technically HTTPS is a more secure way of browsing, there's nothing wrong with good ole HTTP. As well as this, simply changing to HTTPS browsing does NOT mean you're hack-proof. Your facebook password will be sent in an encrypted form HTTPS or not, and there's really no need to change anything. You're safe enough as is.

Think of it this way - you've been surfing the join-me forum for ages under HTTP, with no problems at all.

See http://www.hoax-slay...-browsing.shtml Makes more sense than I do.

Have you ever used Facebook on a publicly-accessible WiFi network (like in a café, an airport, a bookshop, or even someone's home if the WiFi network is insufficiently secured)? If so you were leaving a wide open door for anyone to stroll in and hijack your Facebook account. It's so easy there's even a Firefox extension that will give you a list of account names (and handy identifying pictures) of people who are currently logged into Facebook on the same network as you. Like the look of that girl on her laptop in Starbucks? Well then go right ahead and log into her Facebook account, just by clicking on her picture.

The fact that the password is transfered securely is of no consequence. That prevents you from getting access to the password. But the password isn't sent as part of every request. Instead you use cookies, which identify you just the same way as your password does. This is why you don't have to re-enter your password every time you click a link. The cookie is sent in the clear, so anyone on the same network can read it without having to do any kind of decryption.

Switching to HTTPS means that every request and response is encrypted, so no-one can get at the cookie. There are still ways to get access to your account (usually involving tricking you into providing your password to someone who shouldn't have it). But there are still ways to break into your house even if you lock the door, and that doesn't mean you should leave the door wide open when you head out to work in the morning.

Captain K, on 16 November 2011 - 11:32 PM, said:

Also bear in mind that if you're on a limited internet connection where you have a monthly bandwidth allowance, encrypted pages over HTTPS will be considerably larger than Facebook's already chunky, script-filled pages.

This is unlikely to be of any consequence to anyone on this forum. I'm sure it's an issue in many parts of the world, but most people here are in Europe or the US where even if their bandwidth is restricted, it's likely to have such a high limit that you only need to worry about video and audio, not regular web pages (even big ones).


It's also worth pointing out that, last I checked, the official Facebook apps for Android and iOS use plain HTTP for all of their traffic too. So if you use them on an open WiFi network you invite the same issues I described above.

[HJCotW Spacemonkey]

Well, yeah, but what do you know about computers, 'Rory*'?

MoT
HJCotW

*If that is even your real name