Twitter goes secure - say goodbye to Firesheep with "Always use HTTPS" option

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Good news on the social networking security front is that Twitter has finally got its act together to offer an Always use HTTPS option.

If you turn on this option, all of your personalised interaction with Twitter will be encrypted - not only while you are logging in, but also while you are posting tweets.

A lot of people fail to recognise the value of using HTTPS on Twitter. As long as your username and password are sent over HTTPS, so no-one can sniff them out of the ether, who cares if your tweets go over plain HTTP? After all, a tweet is meant to be public.

The problem is that once you have logged in, Twitter sends your browser a session cookie. This is a one-time secret. It is unique to your account and the current session.

Because your browser retransmits this session cookie in all future requests to the Twitter site, Twitter can see that it's you coming back for more. So you don't need to put in your username and password for every single tweet you send. You login once, and the session cookie identifies you for the rest of the current session.

Unfortunately, if you login to Twitter over unencrypted WiFi - e.g. at a coffee shop or an airport lounge - then anyone who can sniff your session cookie can pretend to be you. That means they can post tweets as you. And you don't want that. (It happened to Mr Demi Moore, a.k.a. Ashton Kutcher, recently, no doubt to his considerable embarrassment.)

More details - link
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
This is worth mentioning. :) At least it looks like they are trying to improve upon it. Compared to Facebook, it kept telling me to switch back to normal HTTP. :grrrrrr:

Why wouldn't I check Always use HTTPS?

  • We encourage you to enable Always use HTTPS in your Settings.
  • Some users may find Twitter over HTTPS slightly slower than plain old HTTP, especially if using an Internet connection that’s already slow. We're working to make Twitter just as fast on HTTPS as it is on HTTP.
  • Sometimes, when you are accessing Twitter over HTTPS, opening the details pane to view an image or video will cause a browser warning about mixed content. We're working on reducing the number of these errors as well.

How to Enable HTTPS (via Twitter Help Center)
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top