Facebook SSL Rolling Out

First, I apologize for not posting to this blog in the past year it seams. I have been moving quite a bit of my daily blogging, internet posting, over to Twitter. I have decided to make atleast a monthly entry here covering IT security, virtualization, or some other IT Infrastructure related topic.

Today, I wanted to let folks know that the new HTTPS Security feature in Facebook appears to be rolling out today. At about 2:00pm EST I was able to enable HTTPS browsing for Facebook whenever possible. Why is this important? Well, unless you have been sleeping under a rock you have heard of the released firefox plugin called firesheep. Now, the information gathering that firesheep is now doing, is not new. It is however new that a utility like this can be downloaded and ran by Joe User with very little effort. Through this utility, an average computer user sitting on an unencrypted wifi hotspot, or somewhere upstream of your internet connection can easily sniff and and gain access to your login credentials to various social networking and other non-https sites.

As facebook rolls this option out, it will be available to you under Account - Account Settings - Account Security Settings.

All you have to do is check the box, and click save. This will then force Facebook to use HTTPS where ever possible. Please understand that this may BREAK a few apps that you use within facebook. I would suggest not using those apps going forward, however you can go in and uncheck the box to use those apps, and then simply check the box again to turn it back on. Your information will then be vulnerable once again while the box is unchecked, and you are using these insecure apps.

Good Luck