Facebook Introduces New Features to Improve Security

Feb. 2, 2011 - PRLog -- Over the last few years, social media sites such as Facebook, Twitter, LinkedIn and MySpace among others have grown in popularity. The popularity of these sites not only resulted in increased membership, but also resulted in availability of loads of personal information. The utility of the social media sites also encouraged organizations to use them for promotional activities. The easy available personal and business information on these sites have made them the favorite target of attackers. Facebook, in particular has suffered numerous security breaches. Criminals not only create fake accounts, but also attempt to gain unauthorized access to user accounts compromising information security.

Recently, Facebook announced steps to streamline security. Facebook will now be available on a secured HTTPS connection. Users have to enable the HTTPS option available in the account security section of account settings page. The site now provides secured connection to all its pages. The security improvement may prevent attackers from reading the cookies and exploit them to gain unauthorized access. The transmission of information through security socket layer (SSL) may also prevent attackers from hijacking sessions through use of Firefox extension Firesheep.

Users now have the benefit of using one-time passwords, while accessing Facebook accounts from public computers at hotels, airports, colleges, libraries, Internet cafes and wireless hotspots. Facebook users in United States (U.S) can request one-time passwords through their mobile phones. The password is active for 20 minutes. The feature addresses the security concerns on using regular passwords for the Facebook account on public computers.

Information security professionals at Facebook have added another security feature, which offers remote log out facility to users. Through the new feature, users may view the recent account activity under the Account security section of the Account Settings page. The account security section displays the active session, last accessed time, device name, location and the device type. Users may remotely close the session, if they suspect unauthorized use or if they realize they have accessed the site through a friends account and forgot to log out.  

Usually, ethical hacking is used to test the security and enhance the strength of the sites. As attackers continue to target social media sites, IT security experts must regularly evaluate the security threats to the site, user accounts, evolve new solutions and mitigate flaws. Improvements in security may facilitate people to continue benefitting from the new mode of social interaction.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).