Twitter has finally bedded down secure browsing on its site for all users after previously offering HTTPS as an optional feature. In March last year it debuted the opt-in setting that enabled Secure Sockets Layer encryption, but explained at the time that the option would not be switched on by default. The secure-browsing …
Well, hell... finally...
After reading all the accounts of hacks and hijacks on The Reg, one of the first things I did when I got on Twitter was to choose the https option.
HTTPS is NOT secure in cafe's
There are linux live distros out there designed to act as a "dirty" hotspot!
Park near a cafe with van and decent antennae - swampout cafe's wifi and
snap up customers, fudge DNS and provide one or two CA's and CERT servers
and hey presto all HTTPS traffic is MITM readable. This sort of stuff
is old hat and so very very noddy.
This is done at almost every sec conf - with the muppets who use these services
getting hit by various pranks.
A VPN home and route traffic through a secured tunnel is the only safe option.
FYI I dont even trust my ISP's DNS after some of the dirty tricks they have tried on
in the past N years - never mind a coffee shops offerings.
> presto all HTTPS traffic is MITM readable.
That's not how SSL works. To perform a MITM attack without a browser exploit, and without warning or redirecting the user, the attacker would need an SSL cert for the targeted site, and the SSL cert would need to be signed by a trusted CA. There have been CAs that get compromised, so there are fake certs floating around, but it's not common. So no, this doesn't happen very often.
Re: HTTPS is NOT secure in cafe's
Jacqui - clearly you don't understand how HTTPS works -.-'
God forbid any of that mindless drivel get intercepted by anyone. Now the world can be a safer place to tweet, for all the twits using it.
I'm pooping. Securely.
Are ya wearing lead lined Depends?
- Boffins attempt to prove the UNIVERSE IS JUST A HOLOGRAM
- Review Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
- MEN WANTED to satisfy town full of yearning BRAZILIAN HOTNESS
- +Comment 'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
- Apple tried to get a ban on Galaxy, judge said: NO, NO, NO