How to secure your site against the Facebook hack

I guess you’ve seen how user accounts at several popular sites like Facebook and Salesforce can be hacked so someone else could get access to the users full account.
The hack is really simple and works like this:

  1. A user is logging in at Facebook (or another popular site) using an un-encrypted WIFI network
  2. Someone (the hacker) is listening to the traffic and intersects the cookie set by Facebook
  3. The hacker can then use this cookie from Facebook to login at Facebook as the user, and will that way get full access to everything on that user account.

Once the hacker has full access to the account he can easily delete or change information as he wants, or he can use the account to spam or in other ways conduct shady activities. The hacker can also change the password, and by that preventing the real user to access his own account!!! ;-(

As the security researchers have mentioned, this is a serious security issue since it’s not only a Facebook problem but several other sites are also having the same problem. A strong and hard-to-guess password is not enough to fight this issue, so even if you’ve used our random password generator to make a password you could get your Facebook account hacked.

Even your own site could be having this security problem if you have a members area or a login page, so it’s important that you as the site owner make sure your users wont get their accounts at your site hacked!!!

Luckily it’s not that hard to secure your login page/members area and it’s not at all expensive. All that’s needed is to make sure the traffic between your site and the user is encrypted and to do that you need a SSL
certificate.

In next part of this series, I will show you how to setup a SSL certificate from eXavier.com on your site and by doing so encrypting the traffic between your site and the visitors.

Tim Buchanan says:

Yay, google is my king and it helped me to find this great website !.