Blog Post

Fear Of ‘Firesheep’: Senator Asks Twitter, Amazon To Increase Web Security

A year ago, if your site wasn’t using a web security protocol called HTTPS, the only folks likely to complain were tech-savvy consumer activists. Today, you might be likely to get a letter of concern from a U.S. senator. In fact, Sen. Charles Schumer (D-New York) has formally asked Twitter, Amazon (NSDQ: AMZN), and Yahoo (NSDQ: YHOO), to start employ HTTPS as the default option on their sites. The senator’s attention appears to have been focused by Firesheep, a hacking program released in October that demonstrated how easy it is to grab users’ private data from the public WiFi networks commonly found at coffee shops and bookstores.

“It is scary how easy it is,” stated Schumer, noting that public WiFi networks were likely to be a happy hunting ground for spammers, hackers, and identity thieves.

Schumer’s request comes just a few weeks after Facebook announced it will give users the option of using HTTPS throughout the site. A lawyer with the Federal Trade Commission called on websites to beef up site security with HTTPS last year, but it’s the release of Firesheep appears to have put some real urgency into calls for greater security.

Some web publishers use HTTPS security on sensitive parts of their sites, such as login pages or checkout pages where users might type in credit card information, but security researchers say it’s safest to just use HTTPS, which is also called Secure Socket Layer or SSL, throughout the site. CNET, which first reported on Schumer’s letter, notes that Amazon already uses HTTPS on login and checkout pages.

One Response to “Fear Of ‘Firesheep’: Senator Asks Twitter, Amazon To Increase Web Security”

  1. I fear Chuck Schumer’s though process as well as the rest of the politicians opening their mouths on topics they know nothing about. Personally, I think Chuck Schumer should focus on what he knows best, which is politics. WiFi Spots are only a small concern. Maybe awareness training would be more helpful. Lets start off our awareness training with the NYC.GOV site.

    once they fix they can goto the site which have been vulnerable since 2008.

    Chuck, focus on government security before corporate security!