Twitter Offers Users A Default SSL Setting

  /     /     /  
Publicated : 22/11/2024   Category : security


Twitter Offers Users A Default SSL Setting


New Always use HTTPS setting the next step toward default HTTPS for everyone, Twitter says



Twitter took a step closer to providing full-blown SSL encryption for all connections to its site: The social network today announced that users now can manually set their accounts to HTTPS by default.
The move comes on the heels of a similar offering by Facebook, as well as intensified criticism over Twitters lack of full-blown SSL support. For some time, users have been able to use Twitter via HTTPS by going to https://twitter.com. Weve made it simpler for users to do this by adding the option to always use HTTPS, the company said in a blog post this afternoon.
Twitter already had implemented SSL by default for the login process via the Web and on its Twitter for iPhone and iPad applications. Still, not all Twitter access is SSL-protected: To get SSL from a mobile device, users still have to visit https://mobile.twitter.com. We are working on a solution that will share the Always use HTTPS setting across twitter.com and mobile.twitter.com, so you dont have to think about which device youre using when you want to check Twitter. If you use a third-party application, you should check to see if that app offers HTTPS, Twitter said in its blog.
The lack of default HTTPS for both Facebooks and Twitters sites has been under the spotlight recently, starting with the arrival of the
Firesheep tool last fall
that simplifies sidejacking, or hijacking someones HTML session cookies over a WiFi connection. WiFi is notoriously risky, and most websites today arent SSL-encrypted, leaving users open to having their sessions sniffed and hijacked when they log onto sites, such as Twitter, from the WiFi at Starbucks. Firesheep basically makes this type of attack easy enough for any nontechnical person to do: The tool pops up a window, you click the Start Capturing button, and it finds and displays user accounts currently on insecure websites via the WiFi network.
Twitter says the HTTPS user option will help protect members using Twitter over unsecured connections, such as WiFi. In the future, we hope to make HTTPS the default setting, the Twitter blog said.
But as with Facebooks HTTPS option, the social network is leaving it up to the user to secure his or her access to the site, an approach that security experts say is flawed in that it expects nontechnical consumers to take the initiative. Even so, security experts applauded the move by the social network and are urging Twitter users to enable the new SSL setting.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security

▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security

▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Twitter Offers Users A Default SSL Setting