In October in 2010, Firesheep made it easy for anyone on the same unsecured wireless network as you to take over your Twitter or Facebook session. This was possible because neither Twitter nor Facebook had a default secure browsing (SSL) setting.
Twitter users complained that you actually had to type “s” in your browser bar (like this: https://twitter.com) to secure your session. While Facebook offered no secured browsing setting at all. So Facebook rushed out an https solution in early 2011.
Then Ashton Kutcher—who has replaced Tom from MySpace as everyone’s friend on the Internet—had his Twitter hacked at a TED conference, allegedly. I say allegedly because the tweets—one of which said “Dude, where’s my SSL?” –are still online and Kutcher clearly has control of the account. A little over a month later, Twitter added the default https option.
Sidejacking—while likely illegal and definitely unethical—offers hackers more potential for mischief than financial gain.
If you use unsecured wireless without a VPN, which isn’t a great idea, using URLs that begin with https is the only way to protect your account from a trouble maker. You’ll notice your bank and most login pages automatically send you to a secured page.
If you are a Facebook or Twitter user who ever uses unsecured networks, you should activate secured browsing now. Once you use secured browsing in Facebook and Twitter, not only will your session activity be secured but you’ll also automatically get a secured page when you log in via any browser you’ve used since you secured your account.
(Default secure browsing is only reliable when using Facebook and Twitter through a web browser. From what I see, Facebook mobile apps do not use SSL. Official Twitter apps will use SSL by default if you select the option, but you have to check if your third-party apps offers this feature.)
How to turn on secure browsing in Facebook
(Warning: This feature may slow your Facebook browsing experience. So you may not want to use it if you are in a secured network or use a VPN. )
Go to Account.
By Account Security click “Change”.
Under “Secure Browsing (https)”, click the box that says “Browse Facebook on a secure connection (https) whenever possible”.
Now, if you ever use an app, you’ll see this message.
WARNING: If you click continue, you are no longer in secured browsing. Whoops.
As soon as you finish with the app, go back and repeat this process. You need to reactivate the page before you log out to a secured login page the next time you want to use your Facebook account.
How to turn on secure browsing in Twitter
While logged in to Twitter via a web browser, go to settings.
Next to “HTTPS Only ” click the box that says “Always use HTTPS. ”
Dude, there’s your SSL.
Little changes can make a difference. For instance, Twitter's decision to switch a star for a heart as its "Favorite" button increased use of the button by as much as 27.82 percent. And it's clear that despite Wall St. demanding that site grow faster and be easier for new users to grasp to have some hope of keeping up with competitors like Facebook and Snapchat, the site is still sweating the small stuff. Here are the four changes to the service announced this week: Replies: When replying to a Tweet, @names will no longer count toward the 140-character count. This will make having conversations on Twitter easier and more straightforward, no more penny-pinching your words to ensure they reach the whole group. Media attachments: When you add attachments like photos, GIFs, videos, polls, or Quote Tweets, that media will no longer count as characters within your Tweet. More room for words! Retweet and Quote Tweet yourself: We’ll be enabling the Retweet button on your own Tweets, so you can easily Retweet or Quote Tweet yourself when you want to share a new reflection or feel like a really good one went unnoticed. Goodbye, .@: These changes will help simplify the rules around Tweets that start with a username. New Tweets that begin with a username will reach all your followers. (That means you’ll no longer have to use the ”.@” convention, which people currently use to broadcast Tweets broadly.) If you want a reply to be seen by all your followers, you will be able to Retweet it to signal that you intend for it to be viewed more broadly. These tweaks are in line with Twitter's tradition of paying attention to how people use the site and make it easier for them to do what early adopters are already doing. That's how we got hashtags, retweet buttons and @ replies. Now you'll be able to tweet a bit longer messages, something people do now with screenshots of text, and have more public conversations, something people do now by putting a "." before someone's @username so their whole feed sees the conversation not just people who happen to follow you and the user you're conversing with. Cool. These are useful little nudges that will keep people who already love the site engaged -- even though they may have some ugly unforeseen consequences. But will they transform Twitter and spark a new wave of growth? Not likely. What would without alienating the hundreds of millions of loyal users? Tough question and we'd like to know what you think. [polldaddy poll=9429603] Cheers, Jason [Image by dominiccampbell | Flickr]
Allegations that Facebook "suppressed" conservative news, first reported by Gizmodo, quickly snowballed into broader charges that Facebook "censors" viewpoints its employees doesn't like. Facebook is the first access point to the internet for hundreds of millions if not a billion people around the world. And for millennials in the U.S., it is their primary source for political news. Some have suggested that the site could actually tilt the 2016 U.S. presidential election. Hence Facebook takes these allegations and the damage they've done to Facebook's image among conservatives seriously. Users will never be able to control the "Trending" section of the site, which Facebook insists is handled objectively as possible through curators (and, apparently, a lot of help from Google). But you do have some control over your news feed, which is generated by Facebook's algorithm "Edgerank." There are things you can do to influence your feed in hopes of seeing a diverse flow of information that doesn't simply confirm your biases. Here are 5: Get rid of the noise. Go to https://www.facebook.com/friends/organize and add the people you want to get less news from to your "acquaintances" list. You'll see their posts a lot less often and -- best of all -- they'll have no idea you've demoted them. Let Facebook do less of the picking for you. On the left column of your home page, under Favorites, next to News Feed click the arrow and select "Most Recent". This won't turn off Facebook's algorithm completely, but it will make it more likely you'll see a diversity of sources in your feed. Trust someone. Find a few people you respect who have a different political leanings than you and ask them for one Facebook page to follow. Just one? That's enough. Once you like the page, Facebook will help from there by suggesting a few pages with similar leanings. Of course, you're relying on Facebook's recommendations. But if you don't trust Facebook at all, this would be a good time to delete your account. Prioritize the new blood. Click on the down arrow in the upper right corner of any Facebook page and select "News Feed Preferences" and then select "Prioritize who to see first" and then on the dropdown menu select "Pages only." Now click on those new pages you just added to your stream -- along with the other valuable news sources you think help keep you informed. 5. Teach Facebook what you like. When you see something you like, click on it, comment on it, interact with it. Facebook exists to keep you in Facebook and will reward your clicks with similar content. And if you get a post you don't like, you can tell Facebook by clicking on that subtle little down arrow, which will show you this: Yes, you're sort of "censoring" your feed. But at least it's you doing it. Cheers, Jason [Image by Turinboy | Flickr]
Many of you have seen them. And some of you have no doubt been victims too. Malware spreading through social media sites, like Facebook, is definitively something you should look out for. You know those posts. You raise your eyebrows when old Aunt Sophie suddenly shares a pornographic video with all her friends. You had no idea she was into that kind of stuff! Well, she isn’t (necessary). She’s just got infected with a special kind of malware called a social bot. So what’s going on here? You might feel tempted to check what “Aunt Sophie” really shared with you. But unfortunately your computer isn’t set up properly to watch the video. It lacks some kind of video thingy that need to be installed. Luckily it is easy to fix, you just click the provided link and approve the installation. And you are ready to dive into Aunt Sophie’s stuff. Yes, you probably already figured out where this is going. The social bots are excellent examples of how technology and social tricks can work together. The actual malware is naturally the “video thingy” that people are tricked to install. To be more precise, it’s usually an extension to your browser. And it’s often masqueraded as a video codec, that is a module that understands and can show a certain video format. Once installed, these extensions run in your browser with access to your social media accounts. And your friends start to receive juicy videos from you. There are several significant social engineering tricks involved here. First you are presented with content that people want to see. Juicy things like porn or exposed celebrities always work well. But it may actually be anything, from breaking news to cute animals. The content also feels safer and more trustworthy because it seems to come from one of your friends. The final trick is to masquerade the malware as a necessary system component. Well, when you want to see the video, then nothing stops you from viewing it. Right? It’s so easy to tell people to never accept this kind of additional software. But in reality it’s harder than that. Our technological environment is very heterogeneous and there’s content that devices can’t display out of the box. So we need to install some extensions. Not to talk about the numerous video formats out there. Hand on heart, how many of you can list the video formats your computer currently supports? And which significant formats aren’t supported? A more practical piece of advice is to only approve extensions when viewing content from a reliable source. And we have learned that Facebook isn’t one. On the other hand, you might open a video on a newspaper or magazine that you frequently visit, and this triggers a request to install a module. This is usually safe because you initiated the video viewing from a service that shouldn’t have malicious intents. But what if you already are “Aunt Sophie” and people are calling about your strange posts? Good first aid is going to our On-line Scanner. That’s a quick way to check your system for malware. A more sustainable solution is our F-Secure SAFE. Ok, finally the poll. How do you react when suddenly told that you need to download and install software to view a video? Be honest, how did you deal with this before reading this blog? [polldaddy poll=9394383] Safe surfing, Micke Image: Facebook.com screenshot