Twitter recently became the latest major site to bow to pressure to make itself more secure. It added the option for users to permanently run the site via HTTPS, a more secure protocol that foils simple hacking strategies that have gained major press of late.
Twitterers had already had an option of logging into Twitter via HTTPS in the past, by directing their browser straight to https:/twitter.com. The recent update makes the process simpler. Users who choose “Always use HTTPS” in their settings (which all can do now), should be aware, however, that their Twitter use will not automatically be secured via HTTPS while on their mobile browsers. For that, you’ll need to go to https:/mobile.twitter.com.
Twitter joins other websites, including Facebook, which had come under pressure of late to make their sites more secure. Since January 26th, Facebook expanded its usage of HTTPS. An option within the “Account Security” subcategory on the Accounts page of Facebook has a box with the option: “Browse Facebook on a secure connection (https) whenever possible.”
These actions should have come sooner. Programs like Firesheep exposed “gaping privacy holes” in Twitter, Facebook, Foursquare, and other sites, as Fast Company noted back in October. Firesheep, a Firefox extension by developer Eric Butler, was created to make hacking others’ social media accounts simple. It takes advantage of “browser cookies” that identify you as you browse a website, and transforms hacking into such a simple, user-friendly affair that just about anyone can hack the person sitting next to them in a coffeeshop.
In late February, Senator Charles Schumer held a press conference in a Manhattan cafe to demonstrate the dangers of Firesheep, having an aide hack another aide’s Twitter account while reporters watched. Schumer called HTTP “a welcome mat for would-be hackers” and a “one-stop-shop for identity theft.”
The relatively swift response of sites like Facebook and Twitter appears to bear out Butler’s belief that by making hacking easier, he was actually helping to make these sites more secure. The Firesheep episode now looks like an act of white-hat hacking.