Digital Trends
Computing

Facebook and Twitter fail basic security test

Jeffrey Van Camp
By

Riding off of the coattails of the FireSheep Firefox exploit, Digital Society has studied the basic security functions of 11 popular websites and given them grades. The results are not stellar for most, especially social networking sites Twitter and Facebook, which both received failing grades.

The reasons why they failed get quite technical, but center around the lack of full SSL (Secure Sockets Layer) protection on the sites. One easy way to know if you are on an SSL protected site is if your browser bar says “https://” instead of the standard “http://.” If you are not, then it is possible that your information could be stolen because it is not encrypted. Facebook and Twitter do not encrypt data all the time, a feature that they should implement.

online-security-report-card-facebook-twitter-2010

There are four basic ways to get hacked (studied here)

If a site doesn’t have SSL browsing support, anyone can see what you’re browsing at any time, but only what you’re browsing currently.

In a partial sidejacking, an attacker gets a hold of a users authentication cookies and gains partial access to their account. An authentication cookie is a small file that sites on your computer, allowing you to revisit a website without re-logging in every time. It tells Facebook: “hey, I’m still the same computer; let me in.” In a partial sidejacking, some of your information is visible to the attacker, but he/she can’t entirely breach your account.

In a full sidejacking, the attacker gets full control over your account, but can’t get your username or password. Usually he/she can do everything except change the password because most sites request that you re-type the old password first. Full sidejacking is scary. In Hotmail, for example, an attacker would be able to read all of your emails.

Finally, in a full hijacking, the attacker gains control over everything in your account and can change anything, including your password. Sites that do not have SSL authentication leave you vulnerable to a full hijacking.

Be careful

Our best advice: be careful where you browse Facebook, Twitter, and other sites with logins. If you’re on public Wi-Fi spot, make sure that it is password protected. This should encrypt your information, making it more difficult for others to hack you.

Editors' Recommendations

Don't Miss

Spotify vs. Pandora: Which music streaming service is better for you?
Up Next

Google teams with airlines for free holiday Wi-Fi
awesome tech you cant buy yet biolite headlamp feat
Emerging Tech

Awesome Tech You Can’t Buy Yet: Click-to-brew beer, comfy headlamps, and more

Check out our roundup of the best new crowdfunding projects and product announcements that hit the Web this week. You can't buy this stuff yet, but it sure is fun to gawk!
Posted By Drew Prindle
the fbi wants you to reboot your router insecure getty
Computing

Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites

A 20-year-old security flaw in the design of the Wi-Fi standard and how computers communicate using the transmission control protocol could allow hackers to perform a web cache poisoning attack to steal your data and login information.
Posted By Chuong Nguyen
how to send money on facebook smartphone friends internet connection
Social Media

How to send money on Facebook

In case you weren't already aware, you can now use Facebook Messenger to send or request money, which will allow you to skirt the fees oft-associated with services like Venmo. Here's how to use it.
Posted By Kailla Coomes
swiftkey beta 6 0 update version 1445516617 typing smartphone shutterstock 329161457
Mobile

Be an online phantom and web surf safely with Ghostery’s mobile browser

Keeping your private information to yourself has become progressively harder in the internet age. If you're worried about your personal information, check out the new version of the Ghostery browser for iOS and Android.
Posted By Mark Jansen
iOS 12
Mobile

Google Maps is available on Apple CarPlay with iOS 12

After months of betas, the final version of iOS 12 is here to download. The new OS comes along with tons of new capabilities from grouped notifications to Siri Shortcuts, here are all the features you'll find in iOS 12.
Posted By Brenda Stolyar, Steven Winkelman
dell xps 13 2018 screen hero2
Computing

The Dell XPS 13 is our favorite laptop. Here are the best cases and bags for it

Whether you're a prolific traveler or simply want to make sure your beloved Dell XPS 13 is safe for that odd car trip, these are the best Dell XPS 13 cases, sleeves and carry bags we could find.
Posted By Jon Martindale
How the Razer Blade 15 was made | Gaming event
Computing

How Razer forged the Blade 15, the slim gaming laptop nobody else could build

With the recent launch of the Blade 15, Razer ushered in a new design language that's cleaner and more angular. We recently visited Razer's San Francisco, California design studio to learn more about Razer's approach to design.
Posted By Chuong Nguyen
best ergonomic mouse logitech mx master header
Computing

Detangle your desk with these mighty wireless mice

If you're looking for the best wireless mouse on the market, we've got the list for you!. Here are six models that will give everyone what they need, whether they're hardcore gamers or looking to ward off carpal tunnel.
Posted By Jon Martindale
hashflare cloud mining and bitcoin regulation crypto coin farm
Computing

It's not all free money. What to know before you try to mine Bitcoin

Mining Bitcoin today is harder than it used to be, but if you have enough time, money and cheap electricity, you can still turn a profit. Here's how to get started mining Bitcoin at home and in the cloud.
Posted By Jon Martindale
New Bing on its way
Computing

Bing, Windows search evolve into new, cross-platform Microsoft Search

Microsoft is upgrading its various search tools to provide more contextual help for those seeking it. Bing, Office, and Windows search will all be upgraded over the coming months to provide much more nuanced results.
Posted By Jon Martindale
United Nations
Computing

U.N. security blunder left secret Trello boards, Google Docs exposed

United Nations documents were left vulnerable to unauthorized users by staffers who left Trello boards and Google Docs unprotected and accessible to anyone who had their unique URLs.
Posted By Jon Martindale
Microsoft Surface Hub 2
Computing

Back for the boardroom, Microsoft outlines the future of the Surface Hub

With the Surface Hub 2 still on the horizon, Microsoft announced two additional versions of its digital whiteboard, the Surface Hub 2S and 2X, to attendees of their 2018 Ignite developer conference.
Posted By Michael Archambault
macos mojave hands on review app store
Computing

Here's how to install the free MacOS Mojave update now

Apple's newest operating system has finally arrived, and we'll show you how to download MacOS Mojave for free. After you install Mojave, you'll be able to take advantage of new apps ported from iOS, a dark theme, and more.
Posted By Chuong Nguyen
chrome 69 user issues google update
Computing

Chrome 69 logs you in without consent, but Google says it’s for your own good

Google is under fire for how Chrome 69 behaves. When you log into a Google service, you're automatically logged into the browser, raising serious privacy concerns. Google was forced to address its tactics and update its policy.
Posted By Chuong Nguyen