Skip to main content
  1. Home
  2. Computing
  3. News

Facebook and Twitter fail basic security test

Jeffrey Van Camp
By

Riding off of the coattails of the FireSheep Firefox exploit, Digital Society has studied the basic security functions of 11 popular websites and given them grades. The results are not stellar for most, especially social networking sites Twitter and Facebook, which both received failing grades.

The reasons why they failed get quite technical, but center around the lack of full SSL (Secure Sockets Layer) protection on the sites. One easy way to know if you are on an SSL protected site is if your browser bar says “https://” instead of the standard “http://.” If you are not, then it is possible that your information could be stolen because it is not encrypted. Facebook and Twitter do not encrypt data all the time, a feature that they should implement.

online-security-report-card-facebook-twitter-2010
Image used with permission by copyright holder

There are four basic ways to get hacked (studied here)

If a site doesn’t have SSL browsing support, anyone can see what you’re browsing at any time, but only what you’re browsing currently.

In a partial sidejacking, an attacker gets a hold of a users authentication cookies and gains partial access to their account. An authentication cookie is a small file that sites on your computer, allowing you to revisit a website without re-logging in every time. It tells Facebook: “hey, I’m still the same computer; let me in.” In a partial sidejacking, some of your information is visible to the attacker, but he/she can’t entirely breach your account.

Recommended Videos

In a full sidejacking, the attacker gets full control over your account, but can’t get your username or password. Usually he/she can do everything except change the password because most sites request that you re-type the old password first. Full sidejacking is scary. In Hotmail, for example, an attacker would be able to read all of your emails.

Finally, in a full hijacking, the attacker gains control over everything in your account and can change anything, including your password. Sites that do not have SSL authentication leave you vulnerable to a full hijacking.

Be careful

Our best advice: be careful where you browse Facebook, Twitter, and other sites with logins. If you’re on public Wi-Fi spot, make sure that it is password protected. This should encrypt your information, making it more difficult for others to hack you.

Editors' Recommendations

Topics
Jeffrey Van Camp
Jeffrey Van Camp
Former Digital Trends Contributor
As DT's Deputy Editor, Jeff helps oversee editorial operations at Digital Trends. Previously, he ran the site's…
The best tablets in 2024: top 11 tablets you can buy now
Disney+ app on the iPad Air 5.

As much as we love having the best smartphones in our pockets, there are times when those small screens don't cut it and we just need a larger display. That's when you turn to a tablet, which is great for being productive on the go and can be a awesome way to unwind and relax too. While the tablet market really took off after the iPad, it has grown to be quite diverse with a huge variety of products — from great budget options to powerhouses for professionals.

We've tried out a lot of tablets here at Digital Trends, from the workhorses for pros to tablets that are made for kids and even seniors -- there's a tablet for every person and every budget. For most people, though, we think Apple's iPad Air is the best overall tablet — especially if you're already invested in the Apple ecosystem. But if you're not an Apple user, that's fine too; there are plenty of other great options that you'll find in this roundup.

Read more
How to delete a file from Google Drive on desktop and mobile
Google Drive in Chrome on a MacBook.

Google Drive is an excellent cloud storage solution that can be accessed from numerous devices. Whether you do most of your Google Drive uploading or downloading from a PC, Chromebook, or mobile device, there’s going to come a time when you’ll need to delete a file (or two). Fortunately, the deletion process couldn’t be more straightforward. We’ve also put together this helpful guide to show you how to trash your Drive content a couple of different ways.

Read more
Windows 11 might nag you about AI requirements soon
Copilot on a laptop on a desk.

After recent reports of new hardware requirements for the upcoming Windows 11 24H2 update, it is evident that Microsoft is gearing up to introduce a bunch of new AI features. A new report now suggests that the company is working on adding new code to the operating system to alert users if they fail to match the minimum requirements to run AI-based applications.

According to Albacore on X (formerly known as Twitter), systems that do not meet the requirements will display a warning message in the form of a watermark. After digging into the latest Windows 11 Insider Build 26200, he came across requirements coded in the operating system for an upcoming AI File Explorer feature. The minimum requirement includes an ARM64 processor, 16GB of memory, 225GB of total storage, and a Qualcomm Snapdragon X Elite NPU.

Read more