How does Facebook protect its users against BREACH attacks on HTTPS traffic, as well as cross-site request forgery attacks? Chad Parry, a London-based member of the social network’s security infrastructure team, and Christophe Van Gysel, who contributed to the mitigation of BREACH at Facebook as an intern, answered those questions in detail in a note on the Protect the Graph page.
The false promise of being able to see who viewed users’ Facebook profiles is once again being used as bait on a phishing trip. Security firm Symantec reported in a blog post that this particular scam was designed to loosely resemble Facebook’s login page, but that unsuspecting Web surfers will fall victim to the Infostealer strain of malware.
HTTPS, or Hypertext Transfer Protocol Secure, is now the default for all Facebook users, putting the wraps on a process the social network started last November, Software Engineer Scott Renfro announced in a note on the Facebook Engineering page.
Facebook participated in the Federal Trade Commission’s Public Forum on Threats to Mobile Devices earlier this week, and it shared some of the best practices agreed upon at the forum in a note on the Facebook Security page.
Are you willing to sacrifice a little bit of speed for a lot more safety? Facebook is asking that very question with its announcement that it will transition all of its users to HTTPS (Hypertext Transfer Protocol Secure) starting this week, adding that speed-hungry users can opt out if they wish.
Have you ever wondered what advice a hacker would give you to protect your Facebook account from his or her kind? Core Security, a provider of predictive security intelligence solutions, got the scoop from some of its staffers.