Very recently Facebook promoted the use of https for accessing Facebook. While this went mostly unnoticed, a very small community of people started to use the feature. The majority of people didn't even understand the fundamentals and passed it on. So I decided to give it a try and share my experience with you people.
Normally Facebook allows both http and https options for browsing, but apps do not work over https.
What is http
In technical jargon, http stands for "Hyper-text Transfer Protocol". It's a good thing that they abbreviated it to http. OK, now for the fun stuff. Http is actually a network protocol. It's something like a list of rules for what or how your computer and mine want to speak over the internet. Put in a better way, it's like a guideline or set of rules which forces you to speak in a proper manner (yes, like grammar). To know more of the technical and geeky stuff, head on to Wikipedia and check out the OSI layer and network protocol.
Similarly, there are many more protocols. Here is just a brief list (skip it if you are already yawning). The complete list can be found on Wikipedia.
Hypertext Transfer Protocol (HTTP)
Mainly used to speak to the server (Facebook, Google, Yahoo etc.) and settle some rules for you to check the website and how it should speak back to you. Do not confuse this with the Hypertext Markup Language (HTML). HTML is the language used to write web pages.
Post Office Protocol (POP3) / Simple Mail Transfer Protocol (SMTP) / Internet Message Access Protocol (IMAP)
All these are mostly used when you send or receive an email. POP3 and IMAP are responsible for receiving your email and SMTP... yup, you guessed it, for sending mail.
File Transfer Protocol (FTP)
Whenever you are downloading a file (pics, songs etc.) to your hard drive you use this one. It copies a file from a server to your PC and vice versa.
OK, enough of this technical stuff... straight to the point, please.
Okay, okay. So what's the difference between http and https? Simple: there is an extra s. Well, that's a correct one. Actually the s stands for secure. It means a guarantee of the website's security has been given by a company, with something called a digital certificate.
Hey, even I have lots of certificates, and I have heard that they can be easily faked.
Well, unlike the certificates in real life, an SSL certificate is a digital certificate that authenticates the identity of a web site to visiting browsers and encrypts information for the server via Secure Sockets Layer (SSL) technology.
A certificate serves as an electronic “passport” that establishes an online entity’s credentials when doing business on the Web. When an Internet user attempts to send confidential information to a Web server, the user’s browser will access the server’s digital certificate and establish a secure connection.
Information contained in the certificate includes:
- The certificate holder’s name (individual or company)
- The certificate’s serial number and expiration date
- Copy of the certificate holder’s public key
- The digital signature of the certificate-issuing authority
Umm... let's take an example...
Password: PLEASE SOMEONE CORRECT ME IF I'M WRONG HERE
Password is strictly alphanumeric. So there are 26 letters + 26 capital letters + 10 digits.
That's 62 possible characters. The amount of combinations would be:
Let's assume that the brute force's last attempt is your password. I don't know how long it takes for a password cracker to generate and try a single combination. If that time is 1 second, the password would be cracked in 393257529003599914.768 YEARS. Even if it takes a millionth of a second to generate and try the combination.
(For 1/1,000,000 of a second: 393257529003.59 YEARS - THAT'S 26 TIMES THE AGE OF THE UNIVERSE)
Let's say that the hacker has the most powerful supercomputer, Tianhe-I (with a capacity of 1,000,000,000,000,000 calculations per second): it would take roughly 393 years to break. But then the normal 256 bit means 32 characters (including all ASCII sets).
Now imagine NOT KNOWING the amount of characters...
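The arithmetic behind these figures, as an added example that is not part of the original post. The post never states the password length, so the length of 14 used here is an assumption inferred from its "393257529003599914.768 YEARS" figure; the function names are hypothetical, and one Tianhe-I "calculation" is treated as one guess.

```python
SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, which matches the post's figures
ALPHABET = 26 + 26 + 10             # the post's 62 alphanumeric characters


def keyspace(length, alphabet=ALPHABET):
    """Number of passwords of exactly `length` characters."""
    return alphabet ** length


def keyspace_up_to(max_length, alphabet=ALPHABET):
    """Passwords of every length from 1 to max_length (length unknown)."""
    return sum(alphabet ** n for n in range(1, max_length + 1))


def worst_case_years(candidates, guesses_per_second):
    """Whole years needed if the very last guess is the right one."""
    return candidates // (guesses_per_second * SECONDS_PER_YEAR)


def implied_length(years, guesses_per_second, alphabet=ALPHABET):
    """Shortest length whose worst case reaches `years` at the given rate."""
    length = 1
    while worst_case_years(keyspace(length, alphabet), guesses_per_second) < years:
        length += 1
    return length


# Assumption: the length is not given in the post; it is inferred here from
# the post's worst-case figure at 1 second per attempt.
LENGTH = implied_length(393257529003599914, 1)

RATES = {"1 guess/s": 1, "1,000,000 guesses/s": 10**6, "10^15 guesses/s": 10**15}

for label, rate in RATES.items():
    print(label, worst_case_years(keyspace(LENGTH), rate), "years")

# Not knowing the length only adds the shorter passwords to the search.
extra = keyspace_up_to(LENGTH) / keyspace(LENGTH)
print(f"unknown length (1..{LENGTH}): {extra:.4f}x the work")
```

Because the keyspace grows geometrically, searching every length up to 14 costs under 2% more than searching length 14 alone; the length and alphabet of the password dominate, not secrecy about the length.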
Try this link. Don't use any of your original passwords. Try something random.
I say the person will not try to hack the password, but rather will use a backdoor entry or bypass mechanism to gain access.
Now that's the real question: what are the backdoor entries or bypass mechanisms to Facebook?
Let's take a closer look and compare two applications on Facebook.
Initially, if you are on an https connection, Facebook will prompt you to switch over to http.
Next, let's take two typical applications. When it comes to giving permission...
So, to summarize, if you are using Facebook apps:
- It openly says that it will post to your wall without your permission.
- In some cases it will access your data and photo album.
- It is hosted on 3rd party websites (not on Facebook), whose credibility Facebook does not vouch for.
- It's on an http connection, where a hacker can easily check and find out your usage or, even worse, hack your profile or use the personal information for a different purpose.
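A defender's check for the last two points of the list above, as an added example that is not part of the original post: it scans a saved page for embedded resources that are loaded over plain http or from a host outside the page's own site. The sample HTML, the host names and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that load or send data to another URL, and the attribute holding it.
URL_ATTRS = {"iframe": "src", "script": "src", "img": "src",
             "link": "href", "form": "action"}


class EmbedAuditor(HTMLParser):
    def __init__(self, page_url, site):
        super().__init__()
        self.page_url, self.site = page_url, site
        self.findings = []  # (tag, absolute URL, [reasons])

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        url = urljoin(self.page_url, value)  # resolve relative URLs
        parts = urlparse(url)
        if parts.scheme not in ("http", "https"):
            return
        host = parts.hostname or ""
        reasons = []
        if parts.scheme == "http":
            reasons.append("plain-http")  # readable by anyone on the path
        if host != self.site and not host.endswith("." + self.site):
            reasons.append("third-party")  # not served by the site itself
        if reasons:
            self.findings.append((tag, url, reasons))


def audit(page_url, html, site):
    """Return findings for one page; `site` is the page's own domain."""
    auditor = EmbedAuditor(page_url, site)
    auditor.feed(html)
    return auditor.findings


# Constructed sample: an https page that embeds an app from another host.
SAMPLE = """<html><body>
<img src="/images/logo.png">
<script src="https://static.social.example/js/ui.js"></script>
<iframe src="http://apps.thirdparty.example/game/index.html"></iframe>
<form action="http://apps.thirdparty.example/submit"><input name="q"></form>
</body></html>"""

for item in audit("https://www.social.example/app", SAMPLE, "social.example"):
    print(item[0], item[1], ", ".join(item[2]))
```

The suffix match on `site` is a simplification; a production check would compare registrable domains using the public suffix list.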
The solution is a choice between security and fun. Only one can be chosen at a time, sacrificing the other. However, choosing fun shouldn't mean giving up security completely.
Gaming sites like Zynga, hosting popular games like Farmville, Cafeworld and Mafia Wars, should have a dedicated security team. Being the #133 top website does put some reputation at stake.
Whereas apps like view my infographics show: Site Ranking #1,674,405.
Let's do a case study.
Originating Site: http://zapumal.info/ (Page Rank: 1,079,656)
Author Info: I am currently studying for my BSc Degree on Electronic and Telecommunication Engineering in Sri Lanka. This blog is to share things I do on my free time. Well, it will go from technical to non technical. These days I am more interested on RC aircrafts and testing on them. I also hope to share my other hobbies here such as numismatics in future. Keeping it simple, here is my Facebook badge
The blog is a lot successful with visitors from around 50 countries within the first 3 months (Copy and Pasted)
If you visit the site you will see that he has mastered the art of developing Facebook apps. There are plenty of apps on his site alone.
Think it over: whether you can risk putting yourself and your dear ones in the line of fire. Can you tolerate and handle some really nasty comments when someday you might stumble upon a morphed picture of them, or try to explain to friends on Facebook the violent/bad/**** comments that were suddenly posted to your wall?
Here comes the best... can you really enjoy the scene knowing that you once read about it in an article and didn't bother to pay attention? Think.