Stealing A Facebook Account In Less Than 5 Minutes

Posted by on November 30, 2010.

Are you aware how easy it is for even the most novice computer user to steal access to your Facebook/Amazon.com/Gmail/Twitter/Flickr account- in less than 5 minutes?

If you aren’t, I highly suggest you keep reading so you can learn how to protect yourself.

Websites like Facebook (and the others listed above) require a username and a password for access. Computers send and receive data all the time. The type of data that is transferred over a network when a user logs into a website is known as a cookie. Cookies act like tickets to a theme park- once you enter you can go anywhere within the park (in our example, anywhere within the website without having to sign-in again).

The easiest way to protect your cookies is by sending them through an encrypted connection. Without going into too much detail, encrypted traffic can not be sniffed [easily] (obtained by another person on the network). Most websites that require authorization for access will force a SSL (secure) connection to ensure the security of the data being sent from your computer to the website. Unfortunately there are many websites in existence today that still do not force a secure connection, leaving all of your personal, credit card, user name and password information at a high risk! All it takes on an insecure, public internet (college, free WiFi, etc) connection is one person to steal a cookie from your session. Essentially, a hacker will use that stolen cookie to regain entrance into the website (and your account).

Now, it’s likely you are asking how to protect yourself from becoming a victim- the answer is quite simple; ensure all personal information is communicated through a secured connection. To verify if you are using a secured connection, look in the address bar of your web browser and note the ‘http’ prefix.

Does your URL say:
http://facebook.com (Insecure – High Risk!)
https://facebook.com (Secured – Low Risk.)

Luckily for the not-so-tech-savvy there are several tools already available to help protect you from this risk.

TIP! Gmail users can protect themselves by using the built-in browser connection setting. Sign into your Gmail account, go to Settings. Select the ‘Always use https’ option and then ‘Save Changes’.

If your using Internet Explorer:
Your best option right now is to install the user-script ‘Facebook Secure Connection – Force Https (SSL)‘. Unfortunately, this will only protect traffic through Facebook.com. (Note: The initial login will not be encrypted, but everything there after will be.)

If your using Mozilla Firefox:
The best method of protection is to install EFF’s ‘HTTPS Everywhere‘ extension. HTTPS Everywhere will protect you on most websites that require authorization.

If your using Google Chrome:
Your options are limited like Internet Explorer, you can use the plugin ‘Facebook Secure Connection (Force Https SSL)‘. (Note: The initial login will not be encrypted, but everything there after will be.)

OR

For Mac (OS X) users:
You can install the application ‘SideStep‘. SideStep will automatically secure all insecure connections initialized from your Mac. If your using a Mac, I highly suggest this option!

For Windows (PC) users:
You can install the application ‘Proxy Switcher‘. Proxy Switcher will re-route your internet traffic through proxy servers with ease, protecting your information from the locals on your network.

If your not surfing the web with Firefox, then it might be in your best interest to download it (http://firefox.com) and install the HTTPS Everywhere extension. If your using a Mac, your best bet is to install SideStep (unless your using Firefox to do web browsing, in which you should use HTTPS Everywhere).

It is important to mention Facebook does not support a secure connection through their chat server. This means if you are using a secure connection to access Facebook, you will not be able to access chat.

TIP! Always remember to log out of any accounts you sign into when you are finished. Closing your cookie session will render any old cookies useless.

One Comment

Trackbacks / Pingbacks

Leave a Reply