Facebook Switching To HTTPS By Default 92
Trailrunner7 writes "Facebook this week will begin turning on secure browsing by default for its millions of users in North America. The change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users have had to opt-in and manually make the change in order to get the better protection of HTTPS."
Need password (Score:5, Insightful)
Re:How long does it take to get a cert? (Score:5, Insightful)
No big deal (Score:4, Insightful)
Of course, the biggest security vulnerability is on one end of the connection, and the biggest threat to privacy is on the other. HTTPS won't help much for those.
That's nice (Score:4, Insightful)
Re:How long does it take to get a cert? (Score:5, Insightful)
Re:How long does it take to get a cert? (Score:4, Insightful)
You mean those same governments whose root certs are already in 90% of computer trust chains?
Protip: your computer very likely trusts a root cert from a Chinese company with "strong" ties to their government. Sleep well.
Re:power (Score:3, Insightful)
I don't know but I'm sure the waste ratio hasn't increased from 100%.
Re:How long does it take to get a cert? (Score:3, Insightful)
Indeed. The "heavy" part of SSL is doing the connection setup and exchange as it uses asymmetric algorithms like RSA or Diffie-Hellman for key exchange. The actual bulk encrypted transport is relatively lightweight. It never made much sense to me to spend the cycles to setup a secure connection, use it for protecting the login/password, and then dropping back to an insecure page when you could just keep the same connection secure for minimal additional resources.
Re:How long does it take to get a cert? (Score:3, Insightful)