Browse archive

Latest news

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Facebook, Microsoft and Apple disclose little on U.S. government data requests

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Cisco teams with IBM, Lancope, LogRhythm, Splunk and Symantec

Secure automated archiving from Imation

Red Hat unveils OpenStack certification and solution marketplace

Asia-wide targeted campaign drops backdoor, RAT

ISC-CERT warns about medical devices with hard-coded passwords

Hacking charge stations for electric cars

Facebook secure browsing option thwarted

Posted on 08 February 2011.

If you were one of those people who jumped at the secure browsing option offered by Facebook a couple of weeks ago, you might be surprised to know that if you allowed a downgrading of https to http in order to use an application that couldn't work with it, you are probably not browsing securely anymore.

This is obviously a glitch that has to be fixed, and it wouldn't be such a problem if you were notified of the change by Facebook.

As it is, you only get this message when trying to access an application that doesn't work via http: "Sorry! We can't display this content while you're viewing Facebook over a secure connection (https). To use this app, you'll need to switch to a regular connection (http).".

Softpedia reports that a click on the "Continue" button performs the downgrade to http, but also automatically deselects the secure browsing option.

Until this feature is fixed, you would do well to take this fact into consideration when surfing from unsecured networks.