Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Twitter quietly rolls out default HTTPS for users

According to security researcher Julian Evans, the move has been presaged by user requests after many of its internet users were hit by hackers with the Firesheep plugin late last year.

As reported late last year, the Firesheep add-in auto-harvests user cookies on public access WiFi hotspots where users are surfing the internet in the clear. Whilst the problem of cookie interception on public WiFi hot spots has been known about for some time, the creation of the add-in opened up cookie harvesting for anyone using the Firefox browser.

Evans reports that Twitter's public relations department has been tweeting about the HTTPS upgrade this week, although he notes that HTTPS does not currently auto-trigger with mobile browsers, so users need to go to https://mobile.twitter.com to use the secure IP session feature.

“Twitter is apparently working on a solution whereby you will be able to use the HTTPS setting on both twitter.com and mobile.twitter.com”, he says in his latest security posting, adding that HTTPS is already the default in the service's official Twitter for iPhone and iPad applications.

Evans goes on to say that other third-party Twitter apps such as the popular TweetDeck software for desktop and portable devices, may or may not support HTTPS, so he suggest users first check with these Twitter app developers before downloading and installing.

What’s Hot on Infosecurity Magazine?