Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

February 23rd, 2011, 14:15 GMT · By

Facebook Fixes Some of Its HTTPS Problems

SHARE:

Adjust text size:


Facebook fixes chat over HTTPS
Enlarge picture
After announcing a somewhat crippled HTTPS implementation a month ago, Facebook has made significant progress towards fixing the issues, like enabling the chat functionality.

Google is clearly pushing HTTPS into the mainstream by enabling it by default for services like Gmail, Docs, Calendar and more recently, Picasa Web Albums.

Facebook aims to implement default full-session HTTPS sometime in the future too, especially since the need for such protection was clearly outlined by the account hijackings in Tunisia.

During the protests that eventually lead to the ousting of former President Zine El Abidine Ben Ali, the Tunisian government used its control over the country's main Internet routers to inject password stealing code into the Facebook login page.

Had it been protected by SSL, this kind of tampering would have broken the HTTPS connection, which could have tipped off users that something bad is going on.

Facebook started its HTTPS push first by providing an option under Account Security to always enable such a connection automatically.

However, it warned that important functionality, such as using third-party applications or the Facebook Chat, was not available over HTTPS.

When trying to open an app users were asked to revert back to HTTP, which was not a temporary change as some people might have instinctively thought.

Nevertheless, it appears that Facebook has worked behind the scenes on improving its HTTPS implementation and it has some progress to show for it.

For one, Facebook Chat now works, which is a great plus for users willing to try HTTPS. The network is also working on making third-party apps available under HTTPS.

While it's no longer required to revert to HTTP in order to use them, the encryption is still broken because not all content is signed. The apps we tried also loaded very slowly.

Granted, Facebook's HTTPS offering is still not ready to be embraced by everyone, but it could protect people who often connect over open wireless networks, as long as they're ok with not using apps just yet.

TELL US WHAT YOU THINK:

2,218 hits · 1 comment · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Facebook Clears Persistent HTTPS Setting Without Warning
Facebook Makes First Step Towards Default Full-Session HTTPS
Google Leads the Way to SSL-Protected Mainstream Services

READER COMMENTS:


Comment #1 by: stuttstud on 25 Feb 2011, 23:10 UTC reply to this comment

Facebook Chat does not work for all users with https enabled, and all requests for information and fixes to Facebook are being ignored.

Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use