Last summer I was bored, so I went down to my local coffee shop that offers wi-fi. I’m sure I don’t have to tell you which one I went to, but just because I’m from Canada, doesn’t mean I don’t like spending 10 dollars on a coffee. Anyways, back on track.
So I was at the coffee shop, and decided to load up Wireshark, Ettercap and look at what people were doing on their computers. While Wireshark and Ettercap were working away in the background, I was busy creating a web page for my future MITM attach. Just as I was about to finish I looked over at Ettercap, and to my surprise I saw unencrypted Facebook passwords. I was thinking to myself, that can’t be. Facebook is one of the most popular sites to go to, and it requires the user to login, so it’s login credentials must be encrypted. Well they weren’t, and I received about 10 different usernames and passwords that I wasn’t even trying to get.
FYI to all my readers – Most Facebook goers use yahoo, Hotmail(live) or Gmail as their account login, and most people use the same passwords for both their e-mail accounts and their Facebook accounts, so PLEASE use a different password for each. As this will increase security, and protect your accounts even if one gets compromised.
Now, I didn’t write this to show you how awesome I was, and how I got Facebook accounts and passwords on a public network. I wrote it to show you how easy it is to do!
Well it was, until now. Facebook has finally released an option to use secure http. However, unless you know what you’re looking for, it’s pretty hard to find. Below is step-by-step instructions on how to enable Facebook with ‘https’. Now this setting takes effect on your Facebook account, and not on your computer. So no matter what computer you are using Facebook on, it will use secure http.
The images that I have included have been edited to hide my Facebook page, and my news feeds, I already have enough Facebook creepers, I don’t need any more.
1. Go to http://www.facebook.com, and login
2. Click on ‘Account’ -> ‘Account Settings’
3. Look for ‘Account Security’ and click on change
4. Check the option ‘Browse Facebook on a secure connection (https) whenever possible’
Now anytime that you are using a browser that supports secure http your Facebook login will be encrypted 🙂
I really think that Facebook should make more of an effort to make their users know of this new option, and what could happen if you don’t use it. If you are interested in reading the original post on the Facebook Blog