Facebook works with Google, Yahoo and Mozilla on secure session cookie
After turning on https connection for facebook users, now facebook is working with Google, Yahoo and Mozilla on a secure session cookie specification that will protect session cookie from theft even over non-encrypted connections. This new specification is MAC Access Authentication that provide cryptographic verification for certain portions of HTTP requests. Here MAC is Message Authentication Code. this prevents MAN IN THE MIDDLE attack.
Facebook told developers in a post detailing recent changes to its app platform, "We’re working with Yahoo!, Google and Mozilla on this specification in order to give all websites a way to ensure that session information has not been altered or tampered with". Facebook also asked developers to use SSL connection for apps by october.
Recently facebook user data was leaked by some app tokens vulnerability, so facebook is forcing all developers to use SSL. Every time the facebook got some trouble, app is the reason. So facebook is trying each and every possible way to secure it's users from scams and data theft.
No comments:
Post a Comment