Is Algeria Deleting Facebook Accounts?
belmolis writes "Algeria is reported to be shutting down ISPs and deleting Facebook accounts in an effort to prevent anti-government protests from escalating as they did in Egypt. Is it likely that they are deleting FB accounts? Unless Facebook is cooperating, this would either require hacking FB to obtain administrator privileges or cracking the password of each account they wish to delete."
That cookie is renegotiated after each https login, and it is specific to one session. You can't clone it from another station.
Even if you do manage to intercept it, Man in the Middle attacks are notoriously hard to execute.
Quick, someone tell these guys that hijacking FB sessions should be difficult.
This entire thread, with one notable exception, is entirely, horribly uninformed. As the only other worthwhile poster points out, the Firesheep plugin proves that once you have the FB cookie (which can be sniffed via MITM attack or over Wifi), you can hop onto a Facebook session from any computer. Maybe not a shortcoming with the idea of login cookies, but certainly a shortcoming in Facebook's handling of them. Second, about two weeks ago FB started officially supporting an HTTPS-Always preference. There's a checkbox in Account, under Security, that forces all connections (and I do mean all, even connections to other subdomains) to use SSL. No plugin needed. As much as I enjoy Facebook, and correctly monitor both security settings AND what data I allow it to access, I'm really happy that Firesheep showed how piss-poor their security was. It gave the final push to my campaign to secure the "public" wifi hotspots our company offers to its guests.
Poor means hoping the toothache goes away.
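
The cookie exposure discussed in the comment above can be checked from the server side. The following is an added example, not part of the thread and not Facebook's code: it audits one HTTPS response for cookies that a browser would also attach to plain http:// requests, and for a missing or subdomain-skipping HSTS header. The cookie names, the example.test domain and the finding labels are constructed for illustration.

```python
# Added example, not from the thread. Header values are constructed samples.

def directives(value):
    """Lowercased directive/attribute names of a ';'-separated header value."""
    return {p.strip().split("=", 1)[0].lower() for p in value.split(";") if p.strip()}

def audit(headers):
    """headers: (name, value) pairs from one HTTPS response.
    Returns sorted (subject, finding) tuples; an empty list means no findings."""
    findings, hsts = [], None
    for name, value in headers:
        lname = name.lower()
        if lname == "strict-transport-security":
            hsts = directives(value)
        elif lname == "set-cookie":
            first, _, rest = value.partition(";")
            cookie = first.split("=", 1)[0].strip()
            attrs = directives(rest)
            if "secure" not in attrs:
                # Without Secure the browser attaches the cookie to plain
                # http:// requests; a Domain attribute widens that to subdomains.
                scope = "-all-subdomains" if "domain" in attrs else ""
                findings.append((cookie, "cleartext-cookie" + scope))
    if hsts is None:
        findings.append(("response", "no-hsts"))
    elif "includesubdomains" not in hsts:
        findings.append(("response", "hsts-skips-subdomains"))
    return sorted(findings)

# Constructed samples: a login response before and after hardening.
WEAK = [
    ("Set-Cookie", "session=abc123; Path=/; Domain=.example.test"),
    ("Set-Cookie", "locale=en_US; Path=/"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(hdrs) or "no findings")
```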