FB security *yawn* – Firesheep *hmmm sounds interesting* – and the opt in option for https on Facebook *yawn*

Me doing a security type post, here’s a first…Some of you will repost this, others won’t. No scaremongering here. Realistically, not enabling https access may not affect you at all, but if you use an unencrypted wi-fi access for FB, then you definitely should be. (Does anyone still have a non WPA2 encrypted home wi-fi network? I so so hope not!)

I am not going to get technical. Lets just say that gmail implemented it as default a few months back. I remember Charl B pointing out this issue with regards to gmail nearly 16 months ago and the opt in solution . Then they made it default a few months later.  Most gmail users probably never even noticed the change. It made no difference to the performance.

On facebook its still opt in however, not default, a year later!

https is the encrypted protocol that banks use for communication when you do your banking. You know, “the lock” at the bottom of your browser?
Firesheep is an add-on that runs in firefox that allows someone on the same unencrypted wi-fi network as you to basically log in as you to sites that don’t use https for the whole session. Before this, “sidejacking” was a bit more difficult.

Aston Kutcher, while at TED (TED is awesomeness!) must have used unencrypted wi-fi without https on his twitter and got firesheeped.
more background here:
Someone in DC cares about online security

It makes sense to turn it on. If it gives you hassles, turn it off. If you use unencrypted wifi bear with it!

in FB goto
Account>account settings>Account security and click Secure browsing (https)

Facebook and Firefox: Buttons not showing up?

If you use firefox and facebook, you may notice (or may not actually) that the navigation buttons and added functionality options by way of “buttons” dont show up. These are the Nav buttons next to the facebook logo for Friend requests, messages and notifications. Then the button for settings on posts on your wall and even the forward and back buttons for the photos.

To get these back, while you have  facebook up, just

1. Right click screen
2. go to “view page info”
3. select “media” tab
4. uncheck “block images from static.ak.fbcdn.net”

(Source: A helpful post in the FB forums from M.Delhie)