Skip to main content
  1. Home
  2. Computing
  3. News

Facebook and Twitter fail basic security test

Jeffrey Van Camp
By

Riding off of the coattails of the FireSheep Firefox exploit, Digital Society has studied the basic security functions of 11 popular websites and given them grades. The results are not stellar for most, especially social networking sites Twitter and Facebook, which both received failing grades.

The reasons why they failed get quite technical, but center around the lack of full SSL (Secure Sockets Layer) protection on the sites. One easy way to know if you are on an SSL protected site is if your browser bar says “https://” instead of the standard “http://.” If you are not, then it is possible that your information could be stolen because it is not encrypted. Facebook and Twitter do not encrypt data all the time, a feature that they should implement.

online-security-report-card-facebook-twitter-2010

There are four basic ways to get hacked (studied here)

If a site doesn’t have SSL browsing support, anyone can see what you’re browsing at any time, but only what you’re browsing currently.

In a partial sidejacking, an attacker gets a hold of a users authentication cookies and gains partial access to their account. An authentication cookie is a small file that sites on your computer, allowing you to revisit a website without re-logging in every time. It tells Facebook: “hey, I’m still the same computer; let me in.” In a partial sidejacking, some of your information is visible to the attacker, but he/she can’t entirely breach your account.

In a full sidejacking, the attacker gets full control over your account, but can’t get your username or password. Usually he/she can do everything except change the password because most sites request that you re-type the old password first. Full sidejacking is scary. In Hotmail, for example, an attacker would be able to read all of your emails.

Finally, in a full hijacking, the attacker gains control over everything in your account and can change anything, including your password. Sites that do not have SSL authentication leave you vulnerable to a full hijacking.

Be careful

Our best advice: be careful where you browse Facebook, Twitter, and other sites with logins. If you’re on public Wi-Fi spot, make sure that it is password protected. This should encrypt your information, making it more difficult for others to hack you.

Editors' Recommendations

Topics
How to recall an email in Outlook
outlook email
The best web browsers for 2023
Lenovo IdeaPad 530S
The best password managers for 2023
have i been pwned owner uncovers 13 million plaintext passwords leaked from free webhost is a safe password even possible we
How to send a text message from your email account
how to send a text from your email account
GPU prices and availability (February 2023): how much are GPUs today?
An AMD Radeon RX 6500XT placed on a motherboard.
The best PC power supply for 2023
PC power supply in a case.
ChatGPT has a new way to detect its own plagiarism
The ChatGPT chatbot by OpenAIis now available for testing as a as a free research preview this week.
Samsung Galaxy Book 3 Ultra vs. MacBook Pro 16-inch
Someone typing on the Samsung Galaxy Book 3 Ultra.
The Galaxy Book 3 Ultra is Samsung’s most powerful laptop ever
Samsung Galaxy Book3 Ultra laptop.
Nvidia may have another monster GPU in the works, and the price could be outrageous
GeForce RTX logo is shown on the side of a graphics card.
AMD’s Ryzen 9 7950X3D pricing keeps the pressure on Intel
A hand holding AMD's Ryzen 9 7950X3D processor.
What is ChatGPT Plus? Everything we know about the premium tier
Close up of ChatGPT and OpenAI logo.
ChatGPT Plus to bring priority access during peak times — at a hefty price
ChatGPT and OpenAI logos.