Photo by jeff_golden

Starting October 1st, Facebook will require all apps to be hosted with valid SSL certificates and will only acknowledge requests to its API that use OAuth 2.0. These additional security measures are the most recent stage of Facebook’s security overhaul in response to some of the publicized breaches, especially the Firesheep debacle.

In October 2010, a Firefox plugin called Firesheep allowed nefarious users to gain access to the Facebook account of anyone logged into the same unsecured network. Facebook claimed that users who were concerned about Firesheep could encrypt their session on Facebook by using the HTTPS version of the site. However, many third-party apps lacked the SSL certificate necessary to serve an HTTPS iframe. This Saturday, Facebook will finally finish the transition that will ensure that everything on Facebook can be encrypted via HTTPS.

These changes will provide important security for Facebook users and push companies hosting Facebook applications to follow stricter security standards.

