Security Alert - Facebook https:// loophole
Written by Jason Vasquez
Sunday, 20 March 2011 09:46
In my previous post I talked about the new Facebook security feature to enable a secure connection (https://www.facebook.com...). Well, it turns out there is a loophole that you must be aware of if you use Facebook apps, games, etc.
KCITP Member Kris Nessa discovered and posted this on Hacker News.
Facebook new SSL setting has loophole/defect around apps.
Issue: After seeing the new Facebook Security setting to enable a secure session, I tried out the setting. The setting has a loophole (or a defect if you want to call it that). If you engage in any apps that run on Facebook, these apps may need to take you out to a non-secure session. When the new Facebook SSL security option is enabled, and you try to go to a non-secure session to engage in the app, Facebook will notify you with a message asking you if it’s ok to jump out to the non-secure session. If you choose to jump out, at this point Facebook is disabling your Account Security SSL setting. That’s right. So when you’re done playing Farmville (or whatever app you choose) and go to log into Facebook later, Facebook has disabled the SSL and you are back to non-secure Facebook browsing and interactions.
So what do you do about it? If you do use apps, you will have to go back into your security settings and turn 'Secure Browsing' back on each time until Facebook fixes this issue.
Source Link: Hacker News
Tags: security, secure
Last Updated on Sunday, 20 March 2011 11:18