Facebook Lockdown…

Facebook-LockHave you ever logged into your Facebook account while attached to a public Wi-Fi connection? If you have, you are not alone. A majority of smart-phone users do it on a regular basis, and why not? It is easy enough, standing in line at Starbuck’s? Just update that Facebook status and check out what your friends are up to. Unfortunately, using public Wi-Fi hotspots makes it very easy for almost anyone to intercept your internet activities.

This vulnerability is best  demonstrated by an extension for the Firefox browser called Firesheep that makes use of a packet sniffer to intercept information  from popular websites (Facebook and Twitter, for example) traveling over the Wi-Fi network and then allows the Firesheep user (hacker) to assume the log-in credentials of whoever’s identity was intercepted. Once logged in, the hacker has access to all sorts of personal information with very little fear of detection. Keep in mind, this extension is readily available and is very easy to use. Next time you think about logging into Facebook at your local Wi-Fi hotspot, look around. Is one of those guys (or gals) in the corner with a laptop running Firesheep?

Fortunately, defeating this particular exploit is fairly simple. Facebook allows you to access their website with the HTTPS (HyperText Transfer Protocol Secure) protocol instead of the more commonly used HTTP. HTTPS encrypts communications with SSL (Secure Socket Layer), preventing hackers from eavesdropping on your browsing. Some websites, such as banking websites, PayPal, and others require the use of HTTPS and Facebook has allowed the use of HTTPS on its website for quite some time, although it required users to manually type https://facebook.com into the address bar of their browser instead of the using the default http://facebook.com.

Facebook has a new option, automatically enabling the use of HTTPS. This option can be accessed by selecting Account from upper right corner of the page, and choosing Account Settings. Within the Account Settings is an Account Security section that looks like the one below.

Facebook Account Settings

Putting a checkmark in the Browse Facebook on a secure connection… box (be sure to click Save to apply the setting) will do just what it says and will provide a much more secure Facebook experience. Do yourself a favor, check the box, and shear that Firesheep!

NOTE: Enabling HTTPS will make browsing a little slower and Facebook apps like Mafia Wars and Farmville won’t work. Facebook chat, however, may still work. I just tested chat and it works for me, although others have been unable to use it over a secure connection.


About Kenn Anderson, Jr.

Kenn Anderson, Jr. grew up in northeastern Pennsylvania, graduated from Lackawanna Trail High School and Keystone Junior College, served in the United States Navy, and is a man of many diverse interests. Professionally, he is involved in many aspects of information technology including web design, managed services, system administration, and project management as the Director of Managed Services for Ethixa Solutions. Personally, he is devoted to his wife, Marcia, and three children – Marilyn, Samuel, and Melanie and they live in Marcia’s childhood home in Scranton, PA. Spiritually, Kenn trusts in Christ alone for salvation and is involved with Hope Church, PCA in Moosic, PA as an elder. Recreationally, Kenn enjoys reading, movies, gadgets, and many other things. For by grace you have been saved through faith. And this is not your own doing; it is the gift of God, not a result of works, so that no one may boast. – Ephesians 2:8-9 View all posts by Kenn Anderson, Jr.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: