Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Facebook Security IT

Facebook Switching To HTTPS By Default 92

Posted by Unknown Lamer from the single-party-spying dept.
Trailrunner7 writes "Facebook this week will begin turning on secure browsing by default for its millions of users in North America. The change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users have had to opt-in and manually make the change in order to get the better protection of HTTPS."
This discussion has been archived. No new comments can be posted.

Facebook Switching To HTTPS By Default More

Facebook Switching To HTTPS By Default

Comments Filter:

  • Re:SSL hardware acceleration? (Score:5, Informative)

    by Hadlock ( 143607 ) on Monday November 19, 2012 @08:54PM (#42034493) Homepage Journal

    Crystal Forest is supposed to have SSL acceleration built in. Ivy Bridge (2012) has AES acceleration built in on midrange i5s and up, and I think AES was supported by some processors as early as Sandy Bridge (2011). Crystal Forest is a platform rather than microarchitecture, and I'm not sure exactly when it will be released.

  • Re:Need password (Score:5, Informative)

    by TheInternetGuy ( 2006682 ) on Monday November 19, 2012 @09:43PM (#42035057)

    It's a typo. Remove the trailing apostrophe in the URL.

    Still not working here. I need to go to;
    https://threatpost.com/en_us/blogs/facebook-enabling-https-default-north-american-users-111912

  • Re:How long does it take to get a cert? (Score:4, Informative)

    by TheRealGrogan ( 1660825 ) on Monday November 19, 2012 @09:51PM (#42035147)

    Yes, I don't like the use of https where it's not needed. It's more overhead all around and YES it matters on busy servers and slow, high latency links. It can also meant he difference between accessing and not accessing the site with a misconfigured router (e.g. wrong MTU on a PPPoE connection can make SSL not work correctly. There's one ISP here that needs packets no larger than 1454 bytes or there's trouble signing into various services. The default on the routers is 1492 for PPPoE, which is supposed to be correct but gets people every time. The ISP doesn't "support" routers, unless they supply, configure and lock you out of them. So I get service calls over that all the time)

    I do not need SSL on Google. Like I give a fuck if people snoop my search phrases. (I'll search for "kiss my ass" just in case the bogey man is listening) I would want SSL for signing in to, say, Gmail or something but I don't need it for all communications. Now that Google has carried the https over to Youtube, some silly browsers (e.g. IE8) prompt on the loading of every damned page because there's a mix of secure and non secure content. Really smart.

Slashdot Top Deals

"If I do not want others to quote me, I do not speak." -- Phil Wayne

Close