Facebook Supports HTTPS Secure Connection
Posted on by Zuly GonzalezCategories How To, Security, Web Security7 Comments on Facebook Supports HTTPS Secure Connection

HTTPS Secure ConnectionFacebook announced that it will expand its current usage of HTTPS to all Facebook pages.  Until now Facebook had only supported HTTPS on its login page in order to encrypt a user’s password. Now they will give users the option to experience Facebook entirely over HTTPS.

This is a huge step forward for Facebook, who in my opinion, has hugely neglected the privacy and security issues plaguing the social network. My only complaint is that Facebook has decided not to make this a default setting, so users must manually turn the option on (I show you how to do this below). Facebook points out that some features, including many third-party applications, are currently not supported in HTTPS. They are working to resolve those issues, and claim that they plan to offer HTTPS as a default in the future. Let’s hope they keep their word.

What Is HTTPS?

HTTPS is a protocol that allows secure communication with a website by encrypting user data, and prevents eavesdroppers from obtaining your personal information. HTTPS is used by online banking and financial institutions to secure your financial information.

Because there are tools available that allow malicious attackers to obtain unencrypted data being transferred by your web browser, it is especially important to use HTTPS when using an unprotected public Wi-Fi connection, such as those found at Starbucks and airports.

You know you are in an HTTPS session if you see https in the address bar, instead of http. You will also see a yellow lock in your browser window. Internet Explorer displays the lock in the address bar, while Firefox displays the lock in the lower right corner of your browser window. And depending on what browser you use, the address bar may change color when in an HTTPS session.

How to Enable HTTPS

As I mentioned above, Facebook did not enable HTTPS usage by default, so if you want to use HTTPS on Facebook, you must manually set it. Here I show you how to do this. (Please note that this feature will not be available to all 500 million users at once, but will instead be rolled out slowly over the next few weeks.)

I highly encourage you to set HTTPS as your default, especially if you frequently use unsecured public Wi-Fi. If you are relying on remembering to switch over to HTTPS when in public, I can almost guarantee you will forget. It’s best to set it, and forget it. If having HTTPS enabled becomes too annoying for you because you just can’t get enough of FarmVille, then you can always turn it off.

To enable HTTPS, first go to Account Settings. You can find Account Settings in the Account tab drop down menu located in the upper right corner.

Facebook Account Settings

Once in the Account Settings page, go down to Account Security and click on the change link.

Facebook Edit Account Settings

If the HTTPS feature has been rolled out to your account, you will see an option that says “Secure Browsing (https), Browse Facebook on a secure connection (https) whenever possible”. Click on the box next to that option to enable it, and hit save. If you do not see the option for Secure Browsing that means that this feature has not been rolled out to your account yet.

Facebook HTTPS Settings

For more on this, check out this video from Facebook.

And if you’re interested in Facebook security, learn how to remove malicious third party apps from your Facebook account.

Has HTTPS been rolled out to your Facebook account yet? If you’ve tried it out, how has it impacted your Facebook experience? Is it noticeably slower? Are there any games, or other apps, that don’t work?

Guide to Removing Malicious Apps From Your Facebook Account
Posted on by Zuly GonzalezCategories How To, Security, Web Security10 Comments on Guide to Removing Malicious Apps From Your Facebook Account

Let’s kick off this new year right by removing unnecessary third party apps from our social media accounts. (This blog post is a How To guide on removing third party apps from your Facebook account. For a guide on removing apps from your Twitter account, see this blog post.)

My sister informed me that she has given 146 apps permission to access her Facebook account. That is just too many! And I know for a fact that some of those apps have malicious intentions, because my Facebook wall has been spammed by some of them.

I for one, only allow a certain few applications that I trust access to my social accounts. Why? Because for starters, you don’t know what an application was really designed to do. Cyber criminals can create malicious applications designed to steal your personal information, or to take over your account in order to trick your friends into clicking on a malicious link. If you inadvertently give one of these malicious apps permission to access your account, you and your friends risk losing valuable personal information. So unless you trust the source of the application, do not give it access to your social account!

Secondly, although a third party application may be legitimate (and not intent on ruining your life), it may unknowingly contain security holes that open it up to being hacked by cyber criminals. So, the more third party apps you give permission to access your social account, the more vulnerable that account becomes.

Which Applications Should You Remove?

You should have as few third party applications as possible accessing your social accounts. Again, the more apps you have accessing your account, the more vulnerable that account is. You should remove:

  • any application you do not recognize
  • any application you no longer use or need
  • any application that has been identified as malicious or not secure

Examples of such applications include contest or prize apps you have given permission to send out a message on your behalf during a contest. For example, there are many applications designed to send out a tweet to all of your followers alerting them that you have entered a contest. That’s fine to do if you wish to, but once the contest is over, you should revoke that app’s access to your account, because it is no longer needed.

It is also good practice to remove any applications you do not recognize. Usually this means that you either gave an app permission to access your account without realizing it (a sign that the app may be malicious), or you knowingly gave it permission a long time ago, and no longer use it so you forgot about it. If it turns out that you removed an app you actually need, you can always re-allow it to access your social account. It’s better to be safe than sorry.

And of course, if a report comes out that an application you are using is malicious, you should immediately revoke its access. For example, a malicious Facebook app was recently released that spreads virally by posting itself on users’ walls.

How to Remove Apps From Your Facebook Account

To remove third party applications from your Facebook account, follow these 5 easy steps.

Step 1: While logged into your Facebook account, click on Privacy Settings. You can find Privacy Settings by clicking on the Account tab.

Facebook Privacy Settings

Step 2: Go to the bottom of the Privacy Settings page, and click on the Apps and Websites link.

Facebook Privacy Settings Page

Step 3: Click on the Edit Settings button in the Apps you use section.

Facebook App - Edit Settings

Step 4: Once in the Apps You Use Page, you will see a list of all the third party apps you have given permission to access your Facebook account. Look for any apps that you either don’t recognize or no longer have a need for. To revoke an app’s permission, simply click on the x next to the Edit Settings link.

Facebook: Remove App

Step 5: Click on the Remove button to confirm your selection.

Facebook: Confirm App RemovalAt this point the app you selected has been removed. Repeat steps 4 and 5 until you have removed all unwanted apps.

You also have the option to view the permissions each app you have given access to has. You can do this by clicking on the app. For example, the image below shows that the app I have selected only has permission to access my basic information, and send me an email. Some apps, on the other hand, pretty much have the freedom to do as they please on your account. You can use this information to help you determine whether you should revoke an app’s permission.

What a Facebook app has permission to do

If you’d like, watch the Sophos video below, which walks you through the same exact steps I just did.

Do you also have a Twitter account? Learn how to remove third party apps from your Twitter account.

How many Facebook apps have you given permission to access your account? How many apps did you end up removing? Were you surprised with what you found? Share with us in the comments.

How to Remove Third Party Apps From Your Twitter Account
Posted on by Zuly GonzalezCategories How To, Security, Web Security4 Comments on How to Remove Third Party Apps From Your Twitter Account

Let’s start off 2011 right by removing unnecessary third party apps from our social media accounts. (This blog post is a How To guide on removing third party apps from your Twitter account. For a guide on removing apps from your Facebook account, see this blog post.)

My sister informed me that she has given 146 apps permission to access her Facebook account. That is just too many! And I know for a fact that some of those apps have malicious intentions, because my Facebook wall has been spammed by some of them.

I for one, only allow a certain few applications that I trust access to my social accounts. Why? Because for starters, you don’t know what an application was really designed to do. Cyber criminals can create malicious applications designed to steal your personal information, or to take over your account in order to trick your friends into clicking on a malicious link. If you inadvertently give one of these malicious apps permission to access your account, you and your friends risk losing valuable personal information. So unless you trust the source of the application, do not give it access to your social account!

Secondly, although a third party application may be legitimate (and not intent on ruining your life), it may unknowingly contain security holes that open it up to being hacked by cyber criminals. So, the more third party apps you give permission to access your social account, the more vulnerable that account becomes.

Which Applications Should You Remove?

You should have as few third party applications as possible accessing your social accounts. Again, the more apps you have accessing your account, the more vulnerable that account is. You should remove:

  • any application you do not recognize
  • any application you no longer use or need
  • any application that has been identified as malicious or not secure

Examples of such applications include contest or prize apps you have given permission to send out a message on your behalf during a contest. For example, there are many applications designed to send out a tweet to all of your followers alerting them that you have entered a contest. That’s fine to do if you wish to, but once the contest is over, you should revoke that app’s access to your account, because it is no longer needed.

It is also good practice to remove any applications you do not recognize. Usually this means that you either gave an app permission to access your account without realizing it (a sign that the app may be malicious), or you knowingly gave it permission a long time ago, and no longer use it so you forgot about it. If it turns out that you removed an app you actually need, you can always re-allow it to access your social account. It’s better to be safe than sorry.

And of course, if a report comes out that an application you are using is malicious, you should immediately revoke its access. For example, a Trojan horse was recently discovered in repackaged versions of various applications and games in the Android Market.

How to Remove Third Party Apps

To remove third party applications from your Twitter account, follow these 3 easy steps.

Step 1: While logged into Twitter, go to Settings. You can find Settings by clicking the drop down arrow next to your Twitter username.

Twitter Account Settings

Step 2: Once in your Settings page, click on Connections.

Twitter Account Settings - Connections

Step 3: While in the Connections page, you will see a list of all the third party apps you have given permission to access your Twitter account. It will also list the date and time you gave each app permission to access your account, and the permissions given to that app (e.g. read and write access, read-only access). Look through the list for any apps that you don’t recognize, or no longer use. To remove unwanted apps, click on the Revoke Access link associated with that app.

Twitter Revoke Access To Third Party Apps

At this point any permissions you have granted that app have been revoked. You can verify the action did in fact take, if now instead of the link saying “Revoke Access” it says “Undo Revoke Access”. You will also notice that the app’s icon is now grayed out. Once you navigate away from the Connections page you will no longer see the removed app in your list.

Twitter Undo Revoke Access For Third Party Apps

Do you also have a Facebook account? Learn how to remove third party apps from your Facebook account.

What did you find in your Twitter Connections page? Were you surprised with what you found? Share with us in the comments.


Categories
Archives