By
updated 3/25/2011 3:48:03 PM ET 2011-03-25T19:48:03

Twitter has listened to its users, competitors and at least one critical hacker and now offers an option for an encrypted “https” connection to its homepage.

“Using HTTPS for your favorite Internet services is particularly important when using them over unsecured WiFi connections,” chirped the microblogging service’s Carolyn Penner on the company’s official blog yesterday (March 15).

Penner is right. Naughty PC users sitting near you in a café or airport can easily “sidejack” your unencrypted social-networking sessions, as a prankish researcher proved last fall when he released the sidejacking Firefox add-on Firesheep to an unprepared world.

Facebook in January enabled an “always-encrypted” option in its user settings, but Twitter, despite its simpler interface, was taking its sweet time.

It did let users access its home page via “https://twitter.com” instead of the regular “http” protocol prefix, but such a manual workaround gets tiresome quickly.

Impatience among Twitter users was perhaps best expressed two weeks ago when someone sidejacked actor Ashton Kutcher’s feed while the Hollywood and Twitter star was attending the TED Conference in Long Beach, Calif.

“Ashton, you’ve been Punk’d,” the miscreant tweeted on Kutcher’s AplusK feed. “This account is not secure. Dude, where’s my SSL?”

In networking parlance, SSL — secure sockets layer — is combined with the Web-standard hypertext transfer protocol (HTTP) to form the hypertext transfer protocol secure, or HTTPS.

Now every Twitter user can go to his or her settings page and check off “Always use HTTPS” to ensure automatic encryption when accessing the Twitter website.

It also works for users of the official Twitter iPhone and iPad apps.

However, that doesn’t affect those Twitter users who access the service via any of dozens of third-party smartphone apps and browser add-ons, each of which has its own encryption policies.

Penner recommends that those users instead browse straight to the encrypted front pages: https://twitter.com and https://mobile.twitter.com.

 

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments