Facebook Steps Up Browsing Security Following Hack to Zuckerberg’s Page

Bob Styran, IT audit expert
January 27, 2011

Facebook security engineer Alex Rice wrote on January 26 on the social network’s official blog about a new feature that tightens the browsing security of its website (https), after the fan page of its CEO, Mark Zuckerberg, fell prey the same day to a security breach caused by a bug.

“We’ve developed a number of complex systems that operate behind the scenes to keep you secure on Facebook. In addition, we’ve created some advanced features you can use to help protect yourself even more, such as remote logout and one-time passwords. These features are especially useful when you’re uncertain whether your network or computer is secure,” Rice said, noting that January 28 (Friday) marks Data Privacy Day.

On Tuesday, an unauthorized message was posted on Zuckerberg’s page saying, “Let the hacking begin: If facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Price [sic] winner Muhammad Yunus described it?”

A Facebook spokesman said right after the breach that the unauthorized posting of the message was caused by a bug, which was found to have also affected other pages with millions of ‘fans’ (those who clicked the ‘like’ button).

Joe Sullivan, chief security officer at Facebook, said the private data of affected users remained untouched, as the bug only allowed messages to be posted.

The security breach, however, has alarmed millions of Facebook users, raising the possibility that they too could fall victim to the same hack.

Facebook has now added an HTTPS option for browsing its site. The feature, however, has to be manually activated by the user in the “Account Settings” section of the account, though Facebook said it hopes to make it the default soon. HTTPS browsing is known to defeat Firesheep, a Firefox plug-in that steals a user’s online identity when the user is on unencrypted WiFi.

“At Facebook we strive to put people at the center of all of our products and to design every experience you have on the site to be social,” Rice said in the blog post.

Alongside the new browsing feature comes ‘social authentication’, in which users are asked to name some friends based on pictures shown at the log-in page. This would happen if, for instance, a user logs on in California and hours later in Australia, Rice said.

Rice added that social authentication could help users avoid security breaches, since most hackers “don’t know who your friends are” even if they crack your password.

 
