Recently Senator Schumer from New York wrote a letter (http://www.infosecurity-us.com/view/16328/senator-schumer-current-internet-security-welcome-mat-for-wouldbe-hackers/) to Twitter, Yahoo, and Amazon asking them to make SSL the default for internet connections. This means that they should provide an HTTPS connection by default instead of an HTTP connection. This is important because with HTTP connections you are exposed to the risk of having your account hijacked, particularly when using public Wi-Fi connections. We’ve blogged about this issue with respect to Firesheep (http://blog.eset.com/?s=Firesheep) a few times.
I’m sure that the security experts at Twitter, Yahoo, and Amazon have repeatedly told their myopic, technologically challenged managers that SSL is the right thing to do, but these decision makers can’t seem to act on sound advice from employees. Perhaps hearing it from a politician will scare them into doing the right thing before they face legislation and potential litigation.
The Department of Homeland Security is working really hard to try to make the United States a much more cyber secure nation. It’s long past time for these major internet portals to start contributing to the effort.
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
Author ESET Research, ESET