The Importance of HTTPS – Especially on Facebook

Nowadays people are becoming more and more comfortable with putting their personal information on the internet, on services such as Facebook and Google, and we trust their privacy settings to prevent the wrong people from accessing this information. This gives us the confidence to put more information about ourselves onto the internet. But are you actually fully protected from someone else accessing your information? I will show you how easy it is for me to access someone else’s information on Facebook.

How you can be hacked on Facebook

By default, your Facebook traffic travels through the internet via unsecured channels. When you log in to Facebook, you communicate with the Facebook server, which authenticates your login and generates a session for you. This session is what lets you keep using Facebook for a good amount of time, until the session expires or is removed (by logging out). While your session is active and being used on the unsecured channel, anyone within the same network is able to tap into the data stream between your computer and the Facebook server and hijack your session.

Session interception

On my phone I have an app which does this for me, and it has listed the current Facebook sessions on my network.

Facebook session listing

Hacking into "Unknown"

Once your session is hijacked, the attacker can copy it into their own browser and, et voilà, your account has been hacked into.

Hacked Facebook account

Everything you have put about your life on Facebook is accessible and can be altered, or you can be remotely, as the kids call it, “fraped”.

Facebook rape AKA frape

They can find out everything you have written on your info page, such as email addresses, phone number, home addresses, date of birth and family relations, which may be enough information to hack into your bank account.

Facebook info hacked

Worse yet, you can even be locked out of your own Facebook account if they change your password by changing your security question and email address, then clicking on “forgot password” before logging in again and going through the Facebook verification service.

Change Security and Email

How to secure your Facebook

Here is what you have to do to secure your Facebook from this type of hacking. It is pretty simple. It will increase the load time of your Facebook by a little bit, but that might not be a bad price to pay. As of 07/07/2011 (unless Facebook change their user interface after this article), you can secure your Facebook by doing the following:

  1. Log in as normal.
  2. Click “Account” on the top right of your screen and click “Account Settings”.
  3. Under the “Settings” tab, which should be loaded by default, you should have a section named “Account Security”. Click “change”.
  4. Check the box for “Secure Browsing (https)”. You can also enable some other security features, such as SMS notifications upon login, just for that extra peace of mind.

Simple!

This uses Facebook’s SSL certificate to secure the connection between your device and the Facebook server. Anybody who tries to intercept your data will simply see gibberish and will not be able to do anything with that data. You may notice that your Facebook URL has “https://” in front of it with a padlock icon next to it. This is what is used by default on Google’s sensitive pages such as emails and the new Google+.
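If you run a website yourself, you can check for the same weakness from your side. The following is an added example, not part of the original article: it assumes the session is carried in an HTTP cookie (the article does not say how the session is stored) and flags cookies that would travel over an unencrypted connection. The host name, cookie name and headers are constructed sample data.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_session_cookies(url, set_cookie_headers):
    """Return (cookie, problem) pairs for cookies exposed to the local network."""
    scheme = urlsplit(url).scheme.lower()
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if scheme != "https":
            # The response itself was unencrypted, so the cookie was visible.
            findings.append((name, "set over plain HTTP"))
        elif "secure" not in attrs:
            # Set over HTTPS, but the browser will still attach it to any
            # later http:// request to the same site.
            findings.append((name, "missing Secure attribute"))
    return findings


# Constructed sample responses (hypothetical site and cookie name).
SAMPLES = [
    ("http://social.example/home", ["session_id=abc123; Path=/"]),
    ("https://social.example/home", ["session_id=abc123; Path=/; HttpOnly"]),
    ("https://social.example/home", ["session_id=abc123; Path=/; Secure; HttpOnly"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        problems = audit_session_cookies(url, headers)
        print(url, "->", problems or "session cookie stays on HTTPS")
```

Only the third sample passes: the cookie is set over HTTPS and marked Secure, so the browser never sends it over an unencrypted channel.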

If you have a website which handles confidential information that you would like to secure, do contact us by filling out our enquiry form on www.textmimedia.com and we will provide you with a secure solution for your website.

Raj

Graduate from University of Manchester in Computer Science. Programme anything from backend code to frontend code.