
Day 018: Facebook Security

Today I’ll start a sequence on the Security options in Facebook.
Finding the security options is easy. Simply click that little down arrow at the top right, as ever. Then simply select the Account Settings option. Under that select Security.

Secure Browsing:

Your first option is what should really be the absolute default on all websites. HTTPS is the secure version of HTTP, the protocol used for all normal browsing. Simply put, there is a certificate associated with the site that can be checked and verified with an independent third party. These Certificate Authorities provide a way for you to be sure that you are talking to the real Facebook.
Additionally, they allow the communication to be encrypted to such an extent that it is actually difficult to tell what you’re even looking at, except that it is Facebook.
Taking into account all the information we are storing on Facebook now, and all our relationships and preferences that are so easy to interpret, HTTPS is an absolute must.
With changes made by Facebook last year you should find this is enabled by default. If not, TURN IT ON!

Limitation:

Firstly, HTTPS isn’t foolproof. Several significant security flaws at Certificate Authorities last year caused major problems for big sites like Google. Also, there are some techniques that allow a really clever hacker to eavesdrop on your conversation.
Secondly, not all Facebook communications are over HTTPS even if you turn this on. That is why it says “wherever possible”. Some applications and games in Facebook disable or turn this option off. Also, some external interfaces can’t use HTTPS, though all the popular ones do, to my knowledge anyway.
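
The second limitation above, as an added example (not code from the original post): a small Python scanner that lists what an HTTPS page would still load or submit over plain HTTP, which is how an embedded application or game can undo the protection for part of a page. The page URL, host names and HTML are constructed sample input, and the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute that makes the browser fetch from (or submit to) a URL.
FETCH_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "img": "src",
               "audio": "src", "video": "src", "source": "src",
               "link": "href", "form": "action", "object": "data"}
# "Active" content can change or capture what the page does; images and media cannot.
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "form", "link"}

# Constructed sample input: an HTTPS page embedding a game (hypothetical hosts).
SAMPLE_URL = "https://social.example/apps/game"
SAMPLE_HTML = """
<link rel="stylesheet" href="/static/site.css">
<script src="//cdn.example/lib.js"></script>
<script src="http://game.example/loader.js"></script>
<img src="http://game.example/banner.png">
<iframe src="http://game.example/canvas"></iframe>
<form action="https://social.example/post"></form>
<a href="http://other.example/">ordinary link, not fetched with the page</a>
"""

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not value:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # this example only checks <link> when it loads a stylesheet
        # Resolve relative and scheme-relative (//host/path) URLs against the page.
        url = urljoin(self.page_url, value.strip())
        if urlparse(url).scheme == "http":
            severity = "active" if tag in ACTIVE_TAGS else "passive"
            self.findings.append((severity, tag, url))

def find_mixed_content(page_url, html):
    """Return (severity, tag, url) for each plain-HTTP resource on an HTTPS page."""
    if urlparse(page_url).scheme != "https":
        raise ValueError("mixed content only applies to pages loaded over HTTPS")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

On the sample page it reports the plain-HTTP script, image and iframe, and ignores the relative stylesheet, the scheme-relative script and the ordinary hyperlink.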

About harlekwinblog

"Thoughts of an idle mind." Information Security professional.
