June 19, 2021

Google and Twitter Improve SSL Support

Google and Twitter have independently announced that they are improving their support for secure encrypted connections (with SSL and HTTPS) when using their respective services.

Google announced on its official Google Code blog that it will be improving the security of Google APIs with SSL, while Twitter, the micro-blogging service, has added a new setting that allows users to always use HTTPS when accessing all pages on twitter.com, not just during log-in.

Google has already changed many of its user-facing services to either allow or require the use of HTTPS, including Google web search, Gmail and Google Docs. Next, Google wants to improve SSL support for its developer-facing APIs. Most of Google’s APIs already use SSL, and beginning September 15, 2011, Google will require that all users of the Google Documents List API, Google Spreadsheets API, and Google Sites API use SSL connections for all API requests.

With tools available like Firesheep, which make it easy to steal passwords for social networking sites when the victim is using an insecure wireless network, Twitter are emphasising the importance of using HTTPS. Twitter over SSL has been available for some time at https://twitter.com, but the company has made it simpler for users to use it all the time by adding an option to the settings page.

To turn on HTTPS, go to your settings and check the box next to “Always use HTTPS,” which is at the bottom of the page.

Firefox extension steals Facebook, Twitter, etc. sessions

Presented at ToorCon, Firefox extension Firesheep demonstrates how easy it is for attackers to access accounts belonging to other users on the same network, such as a Wi-Fi hotspot. After launching the program, user accounts belonging to other users gradually appear in the sidebar as users navigate to any of the many supported web sites, which currently include Facebook, Twitter, Flickr, Amazon, Windows Live and Google. By clicking on one of the sidebar entries (which generally display the victim’s name and photo), an attacker is able to access the site in question with all the legitimate user’s privileges.
