back to article Twitter finally grabs wheel, drives all twits into HTTPS

Twitter has finally bedded down secure browsing on its site for all users after previously offering HTTPS as an optional feature. In March last year it debuted the opt-in setting that enabled Secure Sockets Layer encryption, but explained at the time that the option would not be switched on by default. The secure-browsing …

COMMENTS

This topic is closed for new posts.
  1. Mike Flugennock
    Thumb Up

    Well, hell... finally...

    After reading all the accounts of hacks and hijacks on The Reg, one of the first things I did when I got on Twitter was to choose the https option.

  2. Jacqui

    HTTPS is NOT secure in cafe's

    There are linux live distros out there designed to act as a "dirty" hotspot!

    Park near a cafe with van and decent antennae - swampout cafe's wifi and

    snap up customers, fudge DNS and provide one or two CA's and CERT servers

    and hey presto all HTTPS traffic is MITM readable. This sort of stuff

    is old hat and so very very noddy.

    This is done at almost every sec conf - with the muppets who use these services

    getting hit by various pranks.

    A VPN home and route traffic through a secured tunnel is the only safe option.

    FYI I dont even trust my ISP's DNS after some of the dirty tricks they have tried on

    in the past N years - never mind a coffee shops offerings.

    1. Anonymous Coward
      Anonymous Coward

      > presto all HTTPS traffic is MITM readable.

      That's not how SSL works. To perform a MITM attack without a browser exploit, and without warning or redirecting the user, the attacker would need an SSL cert for the targeted site, and the SSL cert would need to be signed by a trusted CA. There have been CAs that get compromised, so there are fake certs floating around, but it's not common. So no, this doesn't happen very often.

    2. Anonymous Coward
      Anonymous Coward

      Re: HTTPS is NOT secure in cafe's

      Jacqui - clearly you don't understand how HTTPS works -.-'

  3. ItsNotMe
    Coat

    FINALLY!

    God forbid any of that mindless drivel get intercepted by anyone. Now the world can be a safer place to tweet, for all the twits using it.

  4. Anonymous Coward
    Anonymous Coward

    Hooray

    I'm pooping. Securely.

    1. Anonymous Coward
      Anonymous Coward

      Securapoop

      Are ya wearing lead lined Depends?

This topic is closed for new posts.

Other stories you might like