Twitter enables HTTPS in safe tweeting bid

Twitter enables HTTPS in safe tweeting bid

Tags:    encryption   HTTP   Twitter

By Sophie Curtis | Feb 22, 2012

Twitter has enabled secure hypertext transfer protocol (HTTPS) for all its users by default, meaning that traffic on the micro-blogging site is now encrypted, providing better protection against man-in-the-middle attacks.
 
HTTPS keeps the session cookie encrypted throughout the log-in session, preventing the information from being intercepted. Twitter, which made opt-in HTTPS available to users for the first time last March, said that it is particularly important to use the encrypted protocol when accessing Twitter over an unsecured Internet connection, like a public Wi-Fi hotspot.
 
"HTTPS is one of the best ways to keep your account safe and it will only get better as we continue to improve HTTPS support on our web and mobile clients," said Twitter in a blog post.
 
Users still have the option to turn off HTTPS through the Account Settings page.
 
The move was welcomed by security firm Sophos, which said that using public Wi-Fi hotspots to access Twitter without enabling HTTPS could allow a hacker to "sniff your session cookie". This means they could post tweets as you, or read your private direct messages.
 
"Don't imagine that sniffing session cookies from unencrypted connections is rocket science," said Graham Cluley, senior technology consultant at Sophos. "Tools such as Firesheep have made it child's play in the past for anyone to access the Twitter or Facebook account of someone close by if they haven't taken the right precautions."
 
Cluley pointed out that actor Ashton Kutcher's Twitter account was hacked during the brainbox TED Conference last year. The hacker accessed Kutcher's account over an unencrypted Wi-Fi connection and posted pro-SSL graffiti in his name.
 
 
12 > >>

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
Verification Code
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Trusted Mobility Index
The mobile ecosystem of devices, services and networks is at a critical inflection point.While the mobile revolution is unleashing massive opportunities in both emerging and mature economies, it is also increasing in complexity and confusion. The reality is the lightning-fast adoption of powerful, smart devices is outpacing society’s ability to secure them. Today, trust in mobility hangs in the balance.
The state of the Internet, Q4, 2011
Geography appears to play a role in frequency of observed attacks on specific ports. For example, Port 23 (Telnet) is a favorite target for attacks observed to be originating from South Korea and Turkey, where it accounted for more than five times the number of attacks targeting the next most popular port (445 in both countries). Other instances of geography-based port targeting include observed attacks centered on Port 1433 (Microsoft SQL Server) in China and on Port 80 (WWW/HTTP) in Indonesia.
 
 
 
HID Global deploys a centralized, web-based IP access control solution at Fuxi Power Plant
Unable to meet the needs for real-time monitoring with its traditional patrol system, China's Fuxi Power Plant has deployed HID Global's VertX V2000.
StubHub: How to spot fraud before it happens
Whenever a list of log-on credentials is dumped onto the Web, retailers get hit with waves of automated attacks. Here's how ticket marketplace StubHub fights the threat.