The Hacker News Logo
Subscribe to Newsletter

Facebook implementing Advanced HTTPS to minimize NSA Interception


For years the National Security Agency has successfully shielded its surveillance programs from any real public scrutiny. There have been a lot of news stories about NSA surveillance programs following the leaks of secret documents by Edward Snowden.

We have learned that the NSA is collecting millions of Americans’ phone records on a daily basis, that it operates a program called PRISM involving the surveillance of Internet communications, including Email, Facebook posts, and instant messages.

The NSA is allowed to record the conversations of non-Americans without a specific warrant for each person monitored, if at least one end of the conversation is outside of the U.S. It is also allowed to record the communications of Americans if they are outside the U.S. and the NSA first gets a warrant for each case.
Because Facebook is using outdated Web encryption, which cryptographers say the NSA could penetrate reasonably quickly after intercepting the communications using master key.

But now, Facebook is working on implementing an security measure that would would make eavesdropping on your encrypted traffic with the website extremely difficult. Facebook uses encryption keys with a length of only 1024 bits with HTTPS connection and now planning to change the length of the keys on all of its SSL certificates to 2048 bits.

SSL is the encryption system that’s used to secure Web transmissions between clients and servers. The change in key length makes it much harder for an attacker to use known methods to break the key.

This new technique is an advanced form of HTTPS that throws away the master key and essentially makes a new key every time someone connects.

The technique has been around yet very few websites use it and Google implemented this in 2011 i.e Web companies including Apple, Microsoft, Twitter, Dropbox, and even Myspace have switched to exponentially more secure 2048 bit keys.

Metadata is a sensitive topic because there is great potential for abuse.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.