Since this was hardly in the news last week, I am sure most everyone missed this little story. I am sure even more eyes missed the comments I made to a friend’s posting of the story on FB.
Ryan Singel, of Wired.com, posted the article “Facebook Enabled HTTPS So You Can Share Without Being Hijacked.” FB has finally implemented secure login from a user’s computer to FB, but only after Mr. Zuckerberg’s own account was apparently hijacked. Google implemented HTTPS on Gmail last year over consumer concerns.
Meeting security objectives in protecting consumer and company information is a shared responsibility of the business and technology organizations. I thought it would be appropriate to memorialize my comments on the fundamental security objectives so that others can benefit. My response to my friend’s posting of “After Mark Zuckerberg’s own account was seemingly hijacked…” on FB is below in quotes.
“We are thinking about this now and only after this? It makes you think how they treat security in other areas of their business. The basic tenets of any company are to secure data while in transit (such as your password and personal information traversing the Internet), data being processed (prevent malicious software from acting on your password/personal information during login), and data at rest (controlling access to your password/personal information stored in their systems). If FB’s latest actions are a result of this story, it is a reactive response and continues to add doubt on how they treat the security/privacy of your personal information.”