Schumer Calls on Amazon, Twitter to Switch to More Secure HTTPS

 
 
By Michelle Maisto  |  Posted 2011-02-28
 
 
 

U.S. Sen. Chuck Schumer is on a new consumer-protection mission. At a press event Feb. 27, he called on Amazon, Twitter and other major U.S. Website operators to switch from the HTTP-based Web address protocol to the more secure HTTPS-based addresses, according to a Feb. 28 report from Reuters.

The N.Y. Democrat held the event at a Manhattan coffee shop, drawing attention to the fact that ever-increasing numbers of consumers rely on WiFi access at such shops, as well as bookstores and similar public locales, where hackers can too easily use the connection to access personal information such credit card numbers and passwords.

Schumer said that programs such as the Firefox extension Firesheep make it all too easy for the maliciously inclined to access someone else's computer, and described the HTTP protocol as "welcome mat" for hackers.

"The quickest and easiest way to shut down this one-stop shop for identity theft is for major Web sites to switch to secure HTTPS Web addresses instead of the less secure HTTP protocol," Schumer said, according to the report.

He added that the security flaws of the HTTP protocol have been well known since 2007, but that the operators of major sites have dragged their feet on making the switch.

In January, Google opted to make HTTPS the default for its Gmail users, following reports that the e-mail accounts of several Chinese human rights activists had break-in attempts.

"Over the last few months, we've been researching the security/latency trade-off and decided that turning HTTPS [HTTP Secure] on for everyone was the right thing to do," Gmail Engineering Director Sam Schillace wrote Jan. 12 on the official Gmail blog.

That same month, Facebook blogger Alex Rice announced that the social-networking site was developing a "number of complex systems that operate behind the scenes to keep you secure on Facebook." One of these was HTTP- which Rice explained is identified by the icon of a lock on many shopping and banking sites.

"Facebook currently uses HTTPS whenever your password is sent to us, but today we're expanding its usage in order to help keep your data even more secure," said Rice.

As of Jan. 26, Facebook began offering users the opportunity of operating entirely over HTTPS.

"You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools," Rice added. "The option will exist as part of our advanced security features, which you can find in the "Account Security" section of the Account Settings page."

Schumer reportedly also sent a letter to major Website operators, asking them to make the switch to HTTPS, though the contents of this correspondence weren't shared on his Website.

 
Rocket Fuel