Facebook Steps Up Security After Tunisian Hacks
Over the holidays, Tunisian Internet censors reportedly tried to gain access to their citizens’ Facebook passwords by using a keystroke logger, which Facebook’s security team worked overtime to block. Facebook’s solution to make Tunisian accounts more secure was to route them to an HTTPS server and ask users to identify their friends in photos in order to log back in, as detailed in Alexis Madrigal’s excellent post in the Atlantic about the topic. Now Facebook is rolling out those same features to all users.
The company will soon give all users the option to use Facebook entirely over HTTPS, and recommends they do so if they use public Internet access points. It will also show members social captchas for authentication, where they must identify a few of their Facebook friends’ faces, whenever suspicious activity is detected on an account.
Facebook warned in a blog post that using HTTPS will slow down the site and isn’t compatible with all features, including some externally developed Facebook applications. It will roll out HTTPS access “slowly over the next few weeks” via its settings page, the company said.
Facebook still faces other ongoing security problems, such as spam, virus messages and wall posts. CTO Bret Taylor said yesterday the company had cut platform spam by 95 percent in 2010, but I believe he was referring to notifications and posts from applications, especially social games. Meanwhile, Facebook CEO Mark Zuckerberg’s public fan page was apparently hacked into yesterday and has since been taken down.
Please see the disclosure about Facebook in my ethics statement.