04 March 2011
In a pivotal move last week, Senator Chuck Schumer D-N.Y. announced his advocacy for the HTTPS web standard, calling out popular online services for continuing to use the less secure HTTP standard. Some of the world’s most heavily trafficked sites in fact, use this unsecure protocol which allows “them [hackers] to steal private information on users of popular websites like Twitter, Yahoo, and Amazon”.
The push for tighter web security comes from the recent release of the “firesheep” plugin to the Mozilla Firefox browser, which allows malicious users to hijack the flow of data packets over public Wi-Fi sessions, such as those common in coffee shops, libraries, and other public areas. With this plugin, the hacker can easily intercept a victim’s username and password – giving access to personal information which can either be sold or used to impersonate the user.
By implementing HTTPS, websites can close this dangerous security hole and provide users a worry-free experience while connected to public Wi-Fi.
In January, the immensely popular cloud service Facebook implemented HTTPS as an option for all users, which has since been widely adopted. Senator Schumer plans to send letters to a myriad of other popular sites requesting they change their protocol to HTTPS, and with Facebook as a first-mover, many will likely follow.
-McAfee Cloud Security