Sophos urges users to "turn on new Twitter security option today"
March 2011 by Sophos
Experts at Sophos are advising all Twitter users to take immediate advantage of a new feature offered by the site: "Always use HTTPS".
"Twitter’s new security option means that once you have logged in, all of your interaction with Twitter is encrypted automatically," says Paul Ducklin, Head of Technology, Asia Pacific, at Sophos. "HTTPS stands for ’secure HTTP’. If you don’t use HTTPS, imposters who listen in to your Twitter traffic can obtain what’s called your session key - a secret code which identifies you for as long as you’re logged in. This means that they can impersonate you, posting any old tweets on behalf of you or your company."
"This sort of impersonation is known as sidejacking, because it lets an imposter hijack your Twitter session while sitting somewhere alongside you," explains Ducklin. "Every time you use unencrypted WiFi, for example in a coffee shop or an airport lounge, any one of the other users sitting round about could be sidejacking you. If you’re a Twitter user, it’s a no-brainer, you want this new option. Turn it on today."
Ashton Kutcher, also known as Mr Demi Moore, was sidejacked recently at a seminar he attended, and found that this sort of online impersonation is embarrassing at best. At its worst, it could be reputation-trashing.
An explanation of how to turn on Twitter’s new option, and why you should do it, can be found on the Sophos Naked Security website: http://nakedsecurity.sophos.com/201...