Wednesday, February 2, 2011

Facebook HTTPS Fail

According to Michael Brennan (@brennan_mike)...!/brennan_mike/status/32859085120471041
Facebook HTTPS fail. If you use an app that doesn't support it, FB asks you to switch to HTTP and then reverses your default HTTPS setting.

Since I use very few applications in Facebook, I am unable to verify his claim. However, there has to be a large number of FB apps which don't use SSL, so it makes sense they might work around that fact in this manner.

This could result in users unintentionally modifying their HTTPS setting to a less secure settings (aka disabling it).

With that being said, it is still recommended to enable HTTPS for Facebook, if you haven't already done so.

The checkbox can be found at: Account (at the upper right corner) --> Account Settings --> Account Security --> Secure Browsing (https)

No comments:

Post a Comment