Facebook uses HTTPS for all users


As Facebook announced via blog post, the social network is now at least in North America by default HTTPS. In future, the change happen in other parts of the world. When this will be the case in Germany, is not known yet.

Until now, Facebook users the SSL option - strange Untechnical referred to as "Secure browsing" - activate in the security settings by hand. This option led facebook early 2011, emerged in response to the end of 2010 browser plugin Firesheep. Which aims to help lay people assume transferred via HTTP sessions of other users on the same network.

By switching to HTTPS Facebook users hardly walk a risk that the communication between the browser and Facebook servers is overheard, or the log data is recorded. Although the tools and BEAST CRIME attacks on SSL-secured connections have been demonstrated. These attacks, however, works only within relatively narrow limits and are very expensive.

Other popular web services such as Google's email service Gmail or Microsoft's Hotmail encrypt long been standard SSL: Gmail since early 2010, Hotmail since mid-2011. Even Twitter, which was also taken at the time of Firesheep targeted response, in February 2012 and led SSL a mandatory. Yahoo about here, however, shows little activity - the webmail access is not encrypted since time immemorial.

No comments:

Post a Comment