
The hazards to privacy on Facebook have been learned the hard way by some who've had their profiles hijacked by applications. But when the person whose profile gets hijacked is Facebook CEO Mark Zuckerberg, it gets a little more rapid attention from Facebook's support team.
On January 25, an anonymous hacker posted a message on Zuckerberg's "fan page" using his profile. Facebook took the whole page down, but not before more than a thousand people had "liked" the comment, and over 400 had commented on it—some in confusion. The post began "Let the hacking begin", and ended with a "hashtag" that referred to Facebook's programming contest, the Facebook Hacker Cup.
So, it's with some irony that on the very next day, Facebook announced that the company was going to offer a new security feature to users that will eliminate the threat of "sidejacking" of Facebook accounts.
The new feature, called Secure Browsing, uses an encrypted connection to protect users' login information and keep others from snooping on the information sent back and forth between the Facebook site and the user's browser. Just like when you're browsing a bank website or some other secure site, Facebook will connect with an HTTPS secure connection (through https://www.facebook.com).
Secure browsing blocks the sort of attack used by the Firesheep browser plug-in I've written about, which allows others on the same WiFi network to detect your Facebook session data and jump in and take it over. To use the new connection, just go to the "account security" section on your Facebook Account Settings page, then select the "Secure Browsing" check-box. There are some side-effects to secure browsing that you may not like. For one thing, some Facebook features and applications don't support secure connections yet, so they will break when you switch. Also, your Facebook experience may get a bit slower, since it takes more time for the browser to open encrypted pages.
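The session data a sidejacking tool picks up is the site's session cookie, and HTTPS protects it only if the browser never sends that cookie over a plain http:// request. The check below, added here as an illustration and not code from Facebook or from this post, parses a Set-Cookie header and shows the browser rule that matters: a cookie marked Secure is attached only to https:// requests, while one without the flag rides on every request to its domain, including the unencrypted ones that some features and applications still use. The cookie name, domain and token value are constructed samples.

```python
"""Audit Set-Cookie headers for the attributes that decide whether a session
cookie travels in clear text.

Added illustration for the sidejacking discussion; not Facebook's code.
The cookie name "sid", the domain and the token value are constructed.
"""

# Constructed sample headers: the weak form a sidejacking tool can capture from
# any plain http:// request, and the hardened form that stays on HTTPS only.
WEAK_HEADER = "sid=constructed-session-token; Path=/; Domain=.example.com"
HARDENED_HEADER = ("sid=constructed-session-token; Path=/; Domain=.example.com; "
                   "Secure; HttpOnly")


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly map to True, valued ones (Path, Domain, Expires) to their text.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def browser_would_send(header, scheme):
    """Model the browser rule behind sidejacking: a cookie marked Secure is
    attached only to https:// requests; without the flag it is sent on every
    request to the cookie's domain, plain http:// included."""
    _, _, attrs = parse_set_cookie(header)
    if attrs.get("secure") is True:
        return scheme == "https"
    return scheme in ("http", "https")


def audit_session_cookie(header):
    """Return a list of findings for a session cookie; an empty list means it
    carries the attributes that keep it out of clear-text traffic."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if attrs.get("secure") is not True:
        findings.append(
            f"{name}: missing Secure; sent on http:// requests, so a single "
            "unencrypted page or image load exposes it to passive capture")
    if attrs.get("httponly") is not True:
        findings.append(f"{name}: missing HttpOnly; readable by page scripts")
    return findings


if __name__ == "__main__":
    for label, hdr in (("weak", WEAK_HEADER), ("hardened", HARDENED_HEADER)):
        print(f"{label}: sent over http={browser_would_send(hdr, 'http')}, "
              f"over https={browser_would_send(hdr, 'https')}")
        for finding in audit_session_cookie(hdr) or ["no findings"]:
            print("  -", finding)
```

The point for a user turning on Secure Browsing is the first finding: an HTTPS page by itself does not keep the cookie off the network if the server has not marked it Secure, because any feature that still loads over http:// will carry it along in the clear.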
Another new security feature that Facebook is considering deploying is something called "social authentication". Instead of using a password or making you type in words in an image (like the "Captcha" control we use on our comments form), Facebook is looking at using pictures of your friends, and asking you to identify them. This could either be a great idea or a bad one, depending on how your friends have been tagged in Facebook pictures—or whether you can remember what all 500 of your friends look like.