In my previous post I talked about the new Facebook security feature to enable a secure connection (https://www.facebook.com...). Well turns out there is a loophole that you must be aware of if you use Facebook apps, games, etc.

KCITP Member Kris Nessa discovered and posted this on Hacker News.

Facebook new SSL setting has loophole/defect around apps.

Issue: After seeing the new Facebook Security setting to enable a secure session, I tried out the setting. The setting has a loophole (or a defect if you want to call it that). If you engage in any apps that run on Facebook, these apps may need to take you out to a non-secure session. When the new Facebook SSL security option is enabled, and you try to go to a non-secure session to engage in the app, Facebook will notify you with a message asking you if it’s ok to jump out to the non-secure session. If you choose to jump out, at this point Facebook is disabling your Account Security SSL setting. That’s right. So when you’re done playing Farmville (or whatever app you choose) and go to log into Facebook later, Facebook has disabled the SSL and you are back to non-secure Facebook browsing and interactions.

There are a few options out there to force security on your web browsers and you can get by this issue of Facebook disabling your setting and ensuring you’re always browsing the secure session of the application (and SSL of all websites).

Alternatives/Fixes: If using Mozilla Firefox, there is a free, beta add-on, HTTPS Everywhere from the Electronics Frontier Foundation. I’ve installed and tested this, and it works as desire (you may want to uninstall the browser toolbar it installs by default).

If using Google Chrome, there is an extension, KB SSL Extension. I have not tested or verified this extension.

I couldn’t find any current updates for Safari and Explorer browsers.

So what do you do about it? If you do use apps, you will have to go back into your security settings and turn back on 'Secure Browsing' each time until Facebook fixes this issue.

Source Link: Hacker News

Tags: Facebook | Security | Hacking

Facebook has implemented a new feature in the past few months that allows you enable a secure session. I am still seeing many people using the old (unsecure) setting.

Look at your address bar (URL); if you see http://www.facebook.com... instead of https://www.facebook.com... then you do nott have a secure session (you can be hacked).

Go to Account|Account Settings|Account Security and click Change. Click the checkbox under "Secure Browsing (https)". FB defaults to the non-secure setting. Click 'Save'.

While you are at it, take time to review your privacy settings.

Tags: Security | Facebook

Interesting site for virus information: http://www.onlinecomputerfixes.com/virus-removal/

They try to push their product, but it is a good archive for the types of 'FAKE' virus tools.

Tags: Virus | Security

Protect your identity – Be careful what information you post. Many thieves use social network sites for identity theft.

Set your profile to “Private” – Change your privacy settings so that only your friends can see your profile, photos and wall posts.

Keep your location general - Never post your exact address.

Be selective with your photos - Manage photos in which you are "tagged." You can "remove tag" on any ones you don’t will to be linked to your profile. Don’t post photos you don’t want everyone to see.

Games? – Many people play the Facebook games (Farmville, Mafia Wars, etc.) but most may not know that they are sharing their information and all of their friend’s information with the companies that makes these games.

DELETE FACEBOOK EMAIL – Many viruses are being spread as emails that look like they are coming from your Facebook friends. Many of the links in these emails will take you to an infected web page. Instead, simply delete the email and log on to facebook to read your messages or requests.

Tags: Facebook | Safety | Security

That’s right...I said FREE!!! Microsoft has finally come out with their very own AntiVirus software for PCs...Microsoft Security Essentials. From my experience it is very good. It may not be as fast as some of the other programs out there, but that is because it is thoroughly scanning each and every file on your system to keep you safe.

Stop paying those yearly fees for your AntiVirus software and download Security Essentials from Microsoft today. You won’t be disappointed.

www.microsoft.com/Security_essentials/

Tags: Microsoft | AntiVirus | Free | Security Essentials | Security

Do you have wireless internet access at home or in the office? Wireless networking products are so inexpensive, it seems just about anyone can set one up in a matter of minutes. Here in lies the danger. Many wireless routers you buy off the shelf are inherently insecure; they come wide open for anyone to connect to.

What can you do to secure your wireless network?

• Change the default password
• Change the default SSID (wireless network name) – Do not use a name that can identify it as being yours (name, company name, street address or unit number etc.
• Enable WPA encryption (instead of WEP) – WEP is insecure and can be compromised within 60 seconds.
• Disable Remote Administration
• Disable uPNP option

Tags: Tech Bits | TidBits | WPA | WEP | Security | Wireless