San Diego Regional Chamber of Commerce

Technology Tip


February 23, 2011  |  By Randy Abrams, Director of Technical Education, Cyber Threat Analysis Center – ESET North America

Facebook at the Coffee Shop

Last year I wrote about a program called Firesheep that makes it easy for someone on the same public network, such as at a coffee shop, to hack into your Facebook and other accounts if you are not using an encrypted connection. Facebook has recently made it possible for you to use an encrypted connection. This means that a snooper in the coffee shop can’t hijack your Facebook account, but you have to enable the setting, as Facebook currently does not make it the default.

When you log into Facebook, there is a drop-down menu titled “Account” in the upper right portion of the screen. From the Account menu, choose Account Settings. This will take you to a web page with a link for Account Security. Click the “Change” link to the right of Account Security, check the box that says “Secure Browsing (https)”, and then click the “Save” button below.

All social networking and email sites should be using https by default, but very few do. If you are using a public Wi-Fi access point, such as at a Starbucks, it is risky to access web sites that require a login and do not always use https for the web address. Almost all will use https when you send the password, but after that they use cookies as substitutes for passwords and usually revert to http. It is never safe to use Yahoo email from a Wi-Fi access point, as Yahoo does not support https beyond the login. Gmail does offer encrypted email by default; however, if you have had your account for several years, you may need to enable https.
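The cookie behaviour described above can be checked from a site's response headers. The following is an added example, not part of the original tip: the host `social.example`, the cookie names and both flows are constructed, and it assumes a single host, so cookie Domain/Path scoping is ignored.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def exposed_cookies(flow):
    """Return [(url, [cookie names])] for each plain-http request that carries cookies.

    flow is a list of (request_url, [Set-Cookie values in the response]).
    Assumption: one host, so Domain/Path scoping is ignored.
    """
    jar = {}       # cookie name -> True if it was set with the Secure attribute
    findings = []
    for url, set_cookies in flow:
        if urlsplit(url).scheme == "http":
            # Browsers withhold Secure cookies from http requests;
            # every other cookie crosses the Wi-Fi network unencrypted.
            sent = sorted(name for name, secure in jar.items() if not secure)
            if sent:
                findings.append((url, sent))
        for header in set_cookies:
            name, attrs = parse_set_cookie(header)
            jar[name] = "secure" in attrs
    return findings

# Constructed flow: https for the password, then the site reverts to http.
WEAK_FLOW = [
    ("https://social.example/login",
     ["session=abc123; Path=/; HttpOnly", "lang=en; Path=/"]),
    ("http://social.example/home", []),
]

# Constructed flow: cookies carry Secure, so a stray http request sends none.
HARDENED_FLOW = [
    ("https://social.example/login",
     ["session=abc123; Path=/; HttpOnly; Secure", "lang=en; Path=/; Secure"]),
    ("https://social.example/home", []),
    ("http://social.example/home", []),
]

if __name__ == "__main__":
    for label, flow in (("weak", WEAK_FLOW), ("hardened", HARDENED_FLOW)):
        print(label, exposed_cookies(flow))
```

In the weak flow the `session` cookie, which stands in for the password, is reported on the first http page after login; in the hardened flow nothing is reported.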

I recommend that you take a moment to make sure your Facebook and Gmail accounts are properly configured for encrypted browsing.

If you have any questions on this or other general security topics, feel free to email me at AskESET@eset.com.

 
