Facebook just added an option to secure your connection with HTTPS! This is great news for any security-conscious Facebook users.
Normally, when you use Facebook, anyone on the same network can sniff the network traffic and see what you’re doing. Firesheep made this even easier than it already was. It used to be that you could create a secure (HTTPS) connection to the Facebook login page (https://login.facebook.com/login.php), but once you had logged in, you were returned to a vulnerable, insecure connection (over HTTP).
In Security Now! episode 285, "Fuzzy Browsers", Steve Gibson reported that Facebook had added an option to encrypt your entire session, from login to logout. Facebook provides instructions in their blog post "A Continued Commitment to Security":
- Log into Facebook.
- In the top right corner, click Account.
- From the dropdown, click Account Settings.
- Next to Account Security, click change.
- Check the box for Browse Facebook on a secure connection (https) whenever possible.
- Click Save.