Comments on The Unseen University: New Facebook with SECURODYNE!

Keshlam (https://www.blogger.com/profile/08004025116670107261), 2011-04-11T10:36:55.998-07:00

Quick plug for the "https everywhere" plugin for Firefox, which will attempt any http: URI first over https:. Many services support https: even if they don't announce it.

Justin Wick (https://www.blogger.com/profile/01386093143586175768), 2011-02-06T13:33:36.942-08:00

While I will never accuse Facebook of being good at engineering or security, this is a huge step in the right direction. Have you seen <a href="http://en.wikipedia.org/wiki/Firesheep" rel="nofollow">Firesheep</a>?

It uses a cookie hijack attack. Full HTTPS can block the main vector of that attack - namely packet sniffing. It won't stop browser exploits, trojans, etc., but considering how many people use Facebook on free wifi, this is a very serious vector.

Perhaps they should have been more clear that this added security doesn't stop other vectors, but it definitely stops one of the easiest.

(previous post removed due to lack of proper formatting, please delete).

Justin Wick (https://www.blogger.com/profile/01386093143586175768), 2011-02-06T13:31:51.118-08:00

This comment has been removed by the author.

Tim (https://www.blogger.com/profile/15129237678877974813), 2011-01-30T18:22:09.922-08:00

My understanding is that Facebook is going to provide the option of performing all communication over HTTPS, not just logins.

See:

<a href="http://www.thecrimson.com/article/2011/1/30/account-facebook-security-setting/" rel="nofollow">Protect Your Facebook Account</a>

I didn't see this setting in my account yet, though.

Anonymous (https://www.blogger.com/profile/01602248161038082454), 2011-01-28T19:42:31.453-08:00

Wearing a tinfoil hat on your head will protect you from alien mind reading rays, too.

But it won't make you any more secure. Protection from the wrong thing is worse than no protection at all, as it makes you think you are safer than you are.

Anonymous (https://www.blogger.com/profile/01602248161038082454), 2011-01-28T19:39:34.622-08:00

SSL will do nothing to stop an attack that's based on your computer or in your browser.

I already explained that above.

As for governments, you aren't going to stop them anyway. There is no security mechanism in use in the USA that the NSA doesn't have a crack for, and our govt has been snooping traffic for a long time.

And their explanation was not one. It was a claim that "this makes your facebook account informations secure!" Which is a bald-faced lie.

Anonymous, 2011-01-27T10:21:31.045-08:00

Actually, according to this article at the Atlantic Monthly, http://m.theatlantic.com/technology/archive/2011/01/the-inside-story-of-how-facebook-responded-to-tunisian-hacks/70044/, Facebook just finished dealing with a large-scale man-in-the-middle attack. The govt of Tunisia was forcing ISPs to snoop passwords and turn over data from Facebook accounts.

There is also a Firefox extension called, http://codebutler.com/firesheep, which recently made news headlines because it makes it trivially easy in public wifi scenarios to steal Facebook (among other services) login cookies and then hijack the session.

Man-in-the-middle attacks are a very serious and a very real problem. You should not be denying that or faulting Facebook for dealing with it. And while their explanation wasn't great you have to remember who their audience is.