Today, we all live and work on the internet. Many of us carry smart phones that allow us to always be connected to the web. We share with our daily lives with our friends and loved ones via Twitter and Facebook. The downside to our internet lifestyle is the security flaws that are often part of using the internet.
Firesheep Makes Us Vulnerable
In late 2010, a developer known as Codebutler released an add-on for Firefox known as Firesheep. The add-on allows users to capture the security cookies that are passed back and forth the verify logins via websites like Facebook. While this security flaw is limited to open Wi-Fi networks, it is a very important idea. Many of us use the Wi-Fi available in coffee shops or university campuses, and those are all vulnerable to Firesheep-like attacks.
It was quickly realized that the best way to fight the attacks was via SSL browsing. Twitter rolled out the more secured browsing rather quickly, tightening security by the end of November. It took a hacker cracking Mark Zuckerberg’s page on Facebook for that company to respond, but they have now released SSL through the website.
Enabling SSL In Facebook
In order to enable the new SSL setting in Facebook, first go to your Facebook page and click the Account button in the top right hand corner. Once there, click the Account Settings button.
Once you are on the Account Settings page, you will see a number of options available to you. Click on the Account Security section to expand it.
In the Account Security pane, you will see a check box under Secure Browsing (https) that says Browse Facebook on a secure connection (https) whenever possible. Click that check box and press Save to save the setting.
That’s it. You will now use SSL when logged into Facebook. This will prevent your account from being cracked by Firesheep like attacks. Facebook has not released this feature to all users yet, so if you can’t find the setting, just look again in a day or so. Everyone should have the option soon. (also read: How to secure your Facebook account by setting up login alerts )
If you have any trouble finding the setting, leave a note in the comments. Do you think that this should be a forced setting? Have you ever had a Firesheep experience? Please leave your thoughts in the comments below as well.
[Firesheep Screenshot via Codebutler]