UPDATED 15:24 EDT / JANUARY 26 2011

Facebook Finally Adds HTTPS, but Still Broken

Facebook announced that they’ve finally added secure web browsing for Facebook 2 months after the release of the Firesheep tool that made it trivially easy to hack Facebook accounts.  That prompted me to give them an “F” in security which was widely cited in the media.  But there are some major problems with this update from Facebook.  First, the feature doesn’t work yet even though they’re saying it’s available as of today, and I can’t enable the always enable HTTPS whenever possible option under account settings.  Second, the feature should be turned on for everyone automatically because most people won’t even know about this.

Right now if I manually type in HTTPS, it seems to be secure until I click on any of the links which revert me back to HTTP.  Once reverted, my Facebook credentials are instantly leaked to Firesheep.  What’s even more bothersome to me is that when I posted a comment on the Facebook announcement, my critical comment was removed and I caught a screenshot of the error below.

A few minutes later, my comment magically reappeared so it looks like they had second thoughts about removing my comment.  Even so, I have 4 up votes which would have placed the comment up top but they somehow knocked it down to 3 votes so it’s not showing on the first page of their security announcement.

I’ll have to try this feature again tomorrow to see if it’s finally working.  It’s funny that Facebook claims “That’s why we’ve developed a number of complex systems that operate behind the scenes to keep you secure on Facebook.”  The fact is that they haven’t even gotten the basics of security right all this time and it’s still not right.

[Cross-posted at Digital Society]


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU