Skip to main content
  1. Home
  2. Computing
  3. News

Facebook and Twitter fail basic security test

Jeffrey Van Camp
By

Riding off of the coattails of the FireSheep Firefox exploit, Digital Society has studied the basic security functions of 11 popular websites and given them grades. The results are not stellar for most, especially social networking sites Twitter and Facebook, which both received failing grades.

The reasons why they failed get quite technical, but center around the lack of full SSL (Secure Sockets Layer) protection on the sites. One easy way to know if you are on an SSL protected site is if your browser bar says “https://” instead of the standard “http://.” If you are not, then it is possible that your information could be stolen because it is not encrypted. Facebook and Twitter do not encrypt data all the time, a feature that they should implement.

online-security-report-card-facebook-twitter-2010
Image used with permission by copyright holder

There are four basic ways to get hacked (studied here)

If a site doesn’t have SSL browsing support, anyone can see what you’re browsing at any time, but only what you’re browsing currently.

In a partial sidejacking, an attacker gets a hold of a users authentication cookies and gains partial access to their account. An authentication cookie is a small file that sites on your computer, allowing you to revisit a website without re-logging in every time. It tells Facebook: “hey, I’m still the same computer; let me in.” In a partial sidejacking, some of your information is visible to the attacker, but he/she can’t entirely breach your account.

Recommended Videos

In a full sidejacking, the attacker gets full control over your account, but can’t get your username or password. Usually he/she can do everything except change the password because most sites request that you re-type the old password first. Full sidejacking is scary. In Hotmail, for example, an attacker would be able to read all of your emails.

Finally, in a full hijacking, the attacker gains control over everything in your account and can change anything, including your password. Sites that do not have SSL authentication leave you vulnerable to a full hijacking.

Be careful

Our best advice: be careful where you browse Facebook, Twitter, and other sites with logins. If you’re on public Wi-Fi spot, make sure that it is password protected. This should encrypt your information, making it more difficult for others to hack you.

Editors' Recommendations

Topics
Jeffrey Van Camp
Jeffrey Van Camp
Former Digital Trends Contributor
As DT's Deputy Editor, Jeff helps oversee editorial operations at Digital Trends. Previously, he ran the site's…
Gigabyte just confirmed AMD’s Ryzen 9000 CPUs
Pads on the AMD Ryzen 7 7800X3D.

Gigabyte spoiled AMD's surprise a bit by confirming the company's next-gen CPUs. In a press release announcing a new BIOS for X670, B650, and A620 motherboards, Gigabyte not only confirmed that support has been added for next-gen AMD CPUs, but specifically referred to them as "AMD Ryzen 9000 series processors."

We've already seen MSI and Asus add support for next-gen AMD CPUs through BIOS updates, but neither of them called the CPUs Ryzen 9000. They didn't put out a dedicated press release for the updates, either. It should go without saying, but we don't often see a press release for new BIOS versions, suggesting Gigabyte wanted to make a splash with its support.

Read more
ExpressVPN Deals: Save 49% when you sign up today
Express VPN logo.

VPNs have become pretty important in the modern world, whether it's a matter of unlocking geo-blocked content or providing an extra layer of security to your connection when you're out in public. Luckily, one of the best VPNs on the market has a sale right now that will save you 49% on the regular pricing. You also get a 30-day money-back guarantee to test it out, which is great because there isn't any Express VPN free trial you can take advantage of. That said, if the deal below doesn't quite tickle your fancy, or Express VPN is not the VPN that fits your needs, you can check out some of these other great VPN deals as well.

Today's Best ExpressVPN Deal

Read more
Save $100 on this Netgear mesh Wi-Fi system at Crutchfield
netgear orbi ax6000 tri band wi fi system deal crutchfield april 2024 lifestyle

If you want every corner of your home to have access to a stable internet connection, you're going to want to buy a mesh Wi-Fi system. There are lots of options out there among all the router deals online, but here's one that we recommend -- the Netgear Orbi AX6000 tri-band Wi-Fi system, which Crutchfield is selling at $100 off. Instead of $900, you'll just have to pay $800 for this mesh Wi-Fi system, but only if you hurry. The discount is expected to last for a few more days, but we're not sure if stocks will still be available by the end of the sale.

Why you should buy the Netgear Orbi AX6000 tri-band Wi-Fi system
The Netgear Orbi AX6000 tri-band Wi-Fi system includes a router module and two satellites to create a mesh network that supports Wi-Fi 6 and will provide coverage across 7,500 square feet. The router and the satellites will use a single network name for a seamless connection as you move around -- horizontally or vertically -- and MU-MIMO technology will allow for simultaneous streaming across multiple devices, so even if everyone in the family is connected to the mesh Wi-Fi system at the same time, nobody will experience any lag or buffering while watching streaming shows.

Read more