Skip to main content
  1. Home
  2. Computing
  3. Web
  4. Legacy Archives

Facebook and Twitter fail basic security test

Add as a preferred source on Google

Riding off of the coattails of the FireSheep Firefox exploit, Digital Society has studied the basic security functions of 11 popular websites and given them grades. The results are not stellar for most, especially social networking sites Twitter and Facebook, which both received failing grades.

The reasons why they failed get quite technical, but center around the lack of full SSL (Secure Sockets Layer) protection on the sites. One easy way to know if you are on an SSL protected site is if your browser bar says “https://” instead of the standard “http://.” If you are not, then it is possible that your information could be stolen because it is not encrypted. Facebook and Twitter do not encrypt data all the time, a feature that they should implement.

online-security-report-card-facebook-twitter-2010
Image used with permission by copyright holder

There are four basic ways to get hacked (studied here)

If a site doesn’t have SSL browsing support, anyone can see what you’re browsing at any time, but only what you’re browsing currently.

In a partial sidejacking, an attacker gets a hold of a users authentication cookies and gains partial access to their account. An authentication cookie is a small file that sites on your computer, allowing you to revisit a website without re-logging in every time. It tells Facebook: “hey, I’m still the same computer; let me in.” In a partial sidejacking, some of your information is visible to the attacker, but he/she can’t entirely breach your account.

Recommended Videos

In a full sidejacking, the attacker gets full control over your account, but can’t get your username or password. Usually he/she can do everything except change the password because most sites request that you re-type the old password first. Full sidejacking is scary. In Hotmail, for example, an attacker would be able to read all of your emails.

Finally, in a full hijacking, the attacker gains control over everything in your account and can change anything, including your password. Sites that do not have SSL authentication leave you vulnerable to a full hijacking.

Be careful

Our best advice: be careful where you browse Facebook, Twitter, and other sites with logins. If you’re on public Wi-Fi spot, make sure that it is password protected. This should encrypt your information, making it more difficult for others to hack you.

Jeffrey Van Camp
As DT's Deputy Editor, Jeff helps oversee editorial operations at Digital Trends. Previously, he ran the site's…
Microsoft wants Windows 11 and your phone to become best friends
Microsoft's latest plans reportedly focus on making the PC and smartphone experience feel seamless.
Windows 11 PC with Android Phone

For years, Phone Link has felt like that one app everyone knows exists but rarely remembers to open. Microsoft apparently wants to change that. According to a report from Windows Central, the company is working on a major overhaul of how smartphones integrate with Windows 11, making phones feel like a native part of the operating system instead of something users access through a separate app.

Phone Link is coming out of hiding

Read more
What are Copilot+ PCs? Everything you need to know
Copilot

Walk through a laptop aisle in 2026 and the Copilot+ PC branding is highlight for most Windows laptops. From Microsoft's own surface to other PC makers like Samsung, HP, and Dell, you can find notebooks that carry this badge to convey that they are AI-ready. At a glance, the name sounds like it refers to a computer with a better version of the Copilot chatbot, which only explains a small part of it.

A Copilot+ PC is a Windows 11 computer that meets Microsoft’s hardware standard for advanced on-device AI features like a compatible processor with a dedicated NPU. You also need a certain amount of RAM and storage, all of which brings access to Windows features such as Recall, Click to Do, and much more. Many of these experiences use the NPU to process information locally, reducing their reliance on cloud servers and helping them run more efficiently in the background.

Read more
ASUS expands its ProArt lineup with a compact keyboard and a smart creator mouse
The new ProArt KD300 and MD301 are designed to make life easier for designers, editors, and creators.
ASUS ProArt Keyboard KD300 and ProArt Mouse MD301

Creators have long had plenty of powerful laptops and monitors to choose from. Keyboards and mice? Not so much. ASUS is looking to change that with the expansion of its ProArt accessory lineup. Leading the announcement is the new ProArt Keyboard KD300, a compact low-profile keyboard that's designed to work alongside the ProArt Mouse MD301, giving creators a matching desktop setup built specifically for productivity instead of gaming.

A compact keyboard that doesn't sacrifice functionality

Read more