Unapologetic Ramblings

world-shaker:

Facebook has at long last offered an option to use the encrypted “HTTPS” protocol, a feature it will begin rolling out today but won’t finish for a “few weeks.” You should check now if it’s available, and sign up as soon as it is enabled for your account. The performance overhead is minor—zippy Gmail, for example, uses HTTPS for everything—and it’s an important step to keep your Facebook account safe from being hijacked on an open or poorly secured wireless network.

By default, Facebook sends your access credentials in the clear, with no encryption whatsoever. Switching to HTTPS is important because a browser extension called Firesheep has made it especially easy for anyone sharing your open wireless network—at cafe or conference, for example—to sniff your credentials and freely access your account. One blogger sitting in a random New York Starbucks was able to steal 20-40 Facebook identities in half an hour. HTTPS solves this longstanding problem by encrypting your login cookies and other data; in fact the inventor of Firesheep made the software to encourage companies like Facebook to finally lock down their systems.

You can sign up for Facebook HTTPS by going to Account Settings and then selecting “Account Security,” third from the bottom. Then click under “Secure Browsing” — if it’s there. Facebook says everyone should have this by the end of the day, but in the meantime you might be missing the relevant option toggle.

Side note — I had three active log-ins of locations I’ve never once stepped foot in.  I hit “end activity” on those suckers.