This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Twitter begins moving users to default #HTTPS sessions

Share this article:

Twitter is to begin switching user sessions to https by default.

A tweet from the micro-blogging website's global PR page announced that it was starting to turn HTTPS on by default for some users, after it introduced optional HTTPS sessions earlier this year. Then users had to enable HTTPS manually.

The news follows another recent announcement from Yahoo, where it said that it was ‘committed to ultimately bringing a solution to the marketplace', despite not offering HTTPS for webmail.

In a statement posted on Twitter around its lack of HTTPS for webmail, Yahoo! said: “Yahoo! is committed to protecting the security and privacy of online communications through our products. The Yahoo! Mail team is actively engaged in developing and testing more secure platforms for our users that keep performance top of mind. This is a complex and challenging area but Yahoo! is committed to ultimately bringing a solution to the marketplace.”

HTTPS, and SSL level encryption which the traffic is sent through, was last prominently in the news when the Mozilla Firefox extension Firesheep demonstrated the ease at which HTTP sessions could be ‘sniffed' and hijacked. That also made it possible for a third party to impersonate users by hijacking their sessions.

Ivan Ristic, director of engineering at Qualys, was asked if he felt whether more websites should be offering secure connectivity. He said: “Our research found that most sites fail to use SSL properly, which means that they are simply not secure. We are not even talking about getting everything right, most sites fail to get the basics right.

“The only way to be secure is to have sites that have 100 per cent SSL coverage, but such sites are still very rare. I feel that more sites should be offering secure connectivity but even those sites that claim to secure HTTPS don't do it well enough to achieve real security.”

Asked if he felt that Firesheep had helped raise the awareness of SSL, Ristic said he felt that Firesheep helped a lot.

“If you look at the SSL/TLS security community, we've been talking about how important it is to use 100 per cent secure communication to protect web applications. Despite that, very few sites and developers were actually paying attention,” he said.

“When Firesheep appeared, it showed how easy it actually was to hack non-SSL sessions and people responded to the threat. My conclusion is that developers, on average, are simply not aware of security issues and they need a highly public event to notice them.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

4% of Googlebots are fake and can launch attacks

4% of Googlebots are fake and can ...

Admins' fear of damaging their SEO gives malicious search engine bots a 'VIP pass' into sites.

Brit Lauri Love faces more US hacking charges

Brit Lauri Love faces more US hacking charges

Lauri Love, a 29-year-old British man from Stradishall in Suffolk, has been charged by a US court with hacking into multiple US government computers and stealing more than 100,000 employee ...

More questions than answers as BBC outage fuels DDoS talk

More questions than answers as BBC outage fuels ...

The British Broadcasting Corporation was hit by a prolonged outage on its website and iPlayer video-on-demand service (VOD) last weekend, raising questions about the cause and whether it was subjected ...