Facebook is giving all users the option of accessing its social networking service via SSL encryption. The move comes a day after pranksters hacked into the Facebook page of CEO Mark Zuckerberg and less than a month after the company reportedly turned on SSL encryption for anyone viewing the site inside Tunisia, where malicious …
Over their heads?
Let's try and remember they're Facebook users. A lot of them won't have the attention span to read as far as paragra...hey, look! A butterfly!
And what if they're not real friends?
Several people I know have racked up hundreds of FB 'friends' just so that their Mafia / Farm etc gets some sort of bonus: they don't actually know these people and don't interact with them outside these games.
Unless FB offers a way to filter out 'real friends' from 'random people who accepted my friend request', how will one be able to know them by name for this picture identification idea?
They know how often you message people or graffiti their "wall", "like" their "status" or any number of other interactions...
And how many photos you are both tagged in...
A lesson here?
"they don't actually know these people and don't interact with them outside these games."
That'll learn them not to interact with people outside the narrow confines of an online game.
That social authentication has been about for about a year now; it is nothing new. When I was on holiday and logged into Facebook, it showed me pictures of friends to name them before allowing me any further into my account. Nothing 'new' there; just because they blogged about it doesn't make it new.
Good job on the SSL though fb :)
So, one small piece becomes a bit more secure ...
... but what's the point in encrypting traffic to and from Facebook, while Facebook continues to abuse the privacy of its users (e.g. by constantly inventing new ways they can disclose private data and setting them by default to disclose without your permission) once your information has arrived there?
"We will show you a few pictures of your friends and ask you to name the person in those photos"
There are quite a lot on my list who have photos of their kids/grandchildren as their profile picture.
How the hell do I tell all their brats apart?
I agree that FB should force SSL connections but you can just go to https://www.facebook.com and be protected against sniffing on open networks.
That only works for the login page and nowhere else; once at the profile page, it is not forced and is back to a non-SSL state (just look in the addy bar).
In the near future, only the new FB setting (once it appears in your Settings page) or the FF plugin will force FB to be SSL.
Maybe in the future, FB will auto-force SSL on each and every page. I doubt it.
"Instead of showing you a traditional captcha on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are,"
Can't people browsing Facebook see who your friends are anyway? You can usually view somebody's friends without actually being friends with them in the first place.
Not since a long time now.
Security options have been in place since two years ago that configure many things to be visible by all, some or none; among those are photos, info, posts and of course your friends.
So the people showing their friends list to non-friends are either ignorant of the ability to hide it or simply naive enough to think it is of no consequence.
Tagging, so far....
I believe, but don't know for sure, that photo tags only show to friends, and you can turn off friends of friends and everyone; however, YOU have to make that change - FB doesn't default to anything "safe" and the choir hears me preach!
SSL will save everyone. Quick, turn it on!
And the beat goes on . . .
The joke that is Facebook just keeps on going, and going, and going.
SSL available now
I now have the HTTPS option but, a word of warning, any Facebook Connect apps you may use will no longer log in if you enable this option.
I'll just have to decide what's more important, security or Bejeweled Blitz! ;-)
Soon to be fixed with another rollout
Title says it all.
The Goldman Sack $50 Billion ponzi
Isn't it wonderful?
(It started as sarcasm, I swear)
SSL "costs"? Google busts the myth, publicly.
SSL "overhead" has been largely, at least for the last 8 years, a myth and barely measurable. Just ask Google.
http://techie-buzz.com/tech-news/google-switch-ssl-cost.html (this is a widely reported and important link, mods, but feel free to edit it if The Register already reported on this Google SSL story, especially if there is an internal Register link). Google turned on SSL for ALL of their services around November 2010, not just for Gmail anymore.
This is a Facebook ROLLOUT (actually BECAUSE of the recent hack of Zuck's account, Zuck's hack didn't cause the push - Facebook had planned to release SSL for everyone all at once, but decided to move it quicker by rollout, based on the public story of Zuck's hacked account).
FB has been working at turning on SSL for its whole site since July of 2010, and since about December, I at least have been able to force each page to SSL using the FF plugin mentioned numerous times here.
Unfortunately, out of 4 accounts, 1 has the setting Sophos was talking about recently; I have bated breath for the other 3 to be SSL'd soon!
"Social Confirmation" tickles me....
That trick will work just as long as the FB security team shows you pics of your friends that are tagged. I can see that as problematic, too. And, if you aren't following what I am saying - read the whole article, as I have.