Friday, April 15, 2011

Making your sites (including Facebook) more secure with ONE LETTER

 FIREFOX USERS - There is a free plugin that will give you https wherever it is supported. (I have had some issues with it. Doing more testing and research atm )

I've said this before but there is a way to help make most sites you visit more secure with ONE LETTER. Simply add " s " after http in your address bar. This forces the site to run in secure mode like you see on pay pal and many other areas. Granted this doesn't work in a lot of places such as apps but it will give you a little piece of mind and reduce your chances of being compromised.

Best thing to do is, hit Ctl+Shift + Del . When all your cookies and stuff are deleted ( yes I know its nice to have your PC save your fav sites etc) but this time make sure you type in https before all your favorite sites and bookmarks. This way it should remember your preference for "secure"

One fellow blogger collected 20-40 identities within 30 minutes at a Starbucks using a simple program available to anyone. That's including facebook logins, twitter, and credit cards I believe.

Thanks all for helping make us more secure !


 A question was posed to me on facebook:

Jess McSexypants ( names changed to protect identities) -  Is there any way of having the 's' there all the time?

If she was referring to on FB the answer is yes and no.

The reason the answer is yes and no, is that when a person connects to a website via HTTPS, the website encrypts the session with a digital certificate. You can tell if they are connected to a secure website if the website URL begins with https:// instead of http://  When a site wants to be more secure or maybe just get more traffic(1) They apply for a digital certificate from a CA (Certificate Authority).The CA will issue an encrypted digital certificate that contains the applicant's public key and a various other identification info. Yada yada basically what happens is a "digital handshake" and confirmation that this is indeed the site it claims to be and is secure. The digital cert has to be leased on a yearly basis from the CA. Prices vary dependent on many factors but the fact remains that it costs money. This might not be a cost they can afford or maybe the cert has expired and has not been renewed/updated yet. Many sites including this one cannot be made https. This does not mean that we aren't trustworthy, just broke.

Facebooks's Q/A involving their security OPT IN features and https.

(1)  Why secure equals more people. This is due to not being " questionable " by anti-virus / web-security programs such as Norton. It will instead come up with a green check-mark or something similar instead of a gray ? mark.

 (Props to my computer security professor ) And one of the millions of "Security Now" podcasts that I think I heard all of this on originally.


  1. I did this and it worked well, until I went to play apps. They did not like the 'https' so needed to log in 'http' separately for each one and on a few I got an error message. :)

  2. Thanks for the comment ! I've noticed that as well. If you'll look Facebook claims they are going to switch you to http instead of https until you return, but it doesn't. Rather annoying to be sure. I can usually get it to work after a refresh or two.