Facebook Switching To HTTPS By Default

← Back to Stories (view on slashdot.org)

Facebook Switching To HTTPS By Default

Posted by Unknown on Monday November 19, 2012 @12:30PM from the single-party-spying dept.

Trailrunner7 writes "Facebook this week will begin turning on secure browsing by default for its millions of users in North America. The change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users have had to opt-in and manually make the change in order to get the better protection of HTTPS."

8 of 92 comments (clear)

Min score:

Reason:

Sort:

Need password by jfdavis668 · 2012-11-19 12:34 · Score: 4, Insightful

Would be helpful if I didn't need a password to read the linked article.
1. Re:Need password by TheInternetGuy · 2012-11-19 13:43 · Score: 4, Informative
  
  It's a typo. Remove the trailing apostrophe in the URL.
  Still not working here. I need to go to;
  https://threatpost.com/en_us/blogs/facebook-enabling-https-default-north-american-users-111912
  
  --
  If my comment didn't sound as good in your head as it did in mine, then I guess we all know who's to blame
Link to article has extra character at end by mcl630 · 2012-11-19 12:37 · Score: 5, Informative

The proper link is:
https://threatpost.com/en_us/blogs/facebook-enabling-https-default-north-american-users-111912
Thanks, Facebook. by pushing-robot · 2012-11-19 12:51 · Score: 5, Funny

Twitter did it a while back. Facebook finally jumped on the bandwagon. Now if only ChatRoulette would follow suit, I could finally bare every detail of my life to strangers without fear of prying eyes.

--
How can I believe you when you tell me what I don't want to hear?
1. Re:Thanks, Facebook. by varargs · 2012-11-19 13:05 · Score: 4, Funny
  
  Zuckerborg would be a hero in my book if he would redirect all of facebook to /dev/null.
Re:SSL hardware acceleration? by Hadlock · 2012-11-19 12:54 · Score: 4, Informative

Crystal Forest is supposed to have SSL acceleration built in. Ivy Bridge (2012) has AES acceleration built in on midrange i5s and up, and I think AES was supported by some processors as early as Sandy Bridge (2011). Crystal Forest is a platform rather than microarchitecture, and I'm not sure exactly when it will be released.

--
moox. for a new generation.
Re:How long does it take to get a cert? by Culture20 · 2012-11-19 12:55 · Score: 4, Insightful

They've had a cert (and an https only option) for years. They apparently finally have the computing power to make it default ( it's not free to encrypt every little transaction, and their pages auto update).
Re:How long does it take to get a cert? by ewieling · 2012-11-19 14:14 · Score: 4, Insightful

If you only use SSL when you have something to protect, then you are telling any attacker (including a government "attacker") exactly which data you think is important.

--
I really shouldn't have used someone else's email address for this account.