Facebook user’s worldwide now getting secure web browsing by default

The site confined your password during login using HTTPS, but left the rest of your session unencrypted. Fire sheep was free as a proof of concept that sniffing an unencrypted session after login was all an attacker desirable to hijack your account. This made Facebook’s new option welcome, but being opt-in meant it actually didn’t go far enough.

Facebook lastly did move to make safe browsing a default, at least for users in North America. Facebook announced that it is now using HTTPS by default for all users, so the rest of the world has lastly caught up. Because it involved a lot of moving parts, explains Facebook software engineer Scott Renfro.

Namely, it involved receiving third-party application developers to improve, getting web-browser cookies to be compliant, controlling referrer headers, and migrating users to HTTPS with no disorder “in-flight” sessions, i.e. improvement people while they’re really using the site.

Presentation has also been a vast challenge, Renfro says, given the additional hoops browsers have to leap through with HTTPS: In adding to the network round trip essential for your browser to converse to Facebook servers, https adds extra round trips for the handshake to set up the link. Full handshakes require two extra round trips, while a shortened handshake requires just one extra round trip. An abbreviated handshake can only follow a winning full handshake.

Here’s an example from Renfro of how that extra latency can make users with already-slow connections undergo yet more, and how Facebook has eased the pain: If you’re in Vancouver, where a round trip to Facebook’s Prineville, Oregon, data center takes 20ms, then the occupied handshake only adds about 40ms, which probably isn’t obvious. However, if you’re in Jakarta, where a round trip takes 300ms, a full handshake can add 600ms. When combine with an already slow connection, this additional latency on every request could be very noticeable and annoying. Thankfully, we’ve been able to avoid this extra latency in most cases by advance our infrastructure and using shortened handshakes.

Facebook’s work on safe browsing is most surely not done, mind you: the company says it’s still operational with mobile phone vendors to make it happen there.

For More Spam News : http://www.nigerianspam.com/

This entry was posted in Facebook hack and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Nigerianspam.com is dedicated to all the hardworking people who have been scammed by the spammer or 419 scam frauds. Although our site concentrates on providing awareness of Nigerian 419 spam (scam), scam baiting, advance fee fraud, scam phising, also we deal with other types of fraud such as letter spam, e-mail scam, lottery spam as well. You can go through our scam baiting tips, it is just amazing way to deal with the spammer or scammer.

Nigerian Scam  |   419 Scam   |   Features of Scam  |   Mission  |   Research  |   Mail Archives  |   About Us   |   File A Complaint  |   Spam News  |   Origin Of Scam   |   Operation Of Scam   |   Consequences   |   Miscellaneous Scams   |   Scam Sites   |   FAQ   |   Contact Us  |   Scam Resources Links  |   Nigerian Scammers  |   Site Map  |   Mail Archives SiteMap  |   Scam Glossary  |   Scam Resources Books  |   Scam Checker Tool  |   Scam baiting   |   More Scam Sites  |  Scam Awareness Quiz  |   Celebrity Scam  |  Search Engine Genie  |   Bharat Udyog Ratna Award Scam Alert  |   Jeff Adams Real Estate Seminar   |   Russ Whitney Real Estate
free hit counter