February 28, 2011
Websites Should Use Secure Protocol, Says Senator
Senator Charles Schumer is calling on major websites in the United States to make their pages more secure to protect those connecting from Wi-Fi hotspots, various media outlets are reporting.
In a letter sent to Amazon, Twitter, Yahoo, and others, the Senator, a Democrat representing New York, asked the websites to switch to more secure HTTPS pages in order to help prevent people accessing the Internet from public connections in places like restaurants and bookstores from being targeted by hackers and identity thieves.
"As the operator of one of the world's most popular websites, you provide a valuable service to Internet users across America," Schumer wrote, according to Tony Bradley of PCWorld. "With the privilege of serving millions of U.S. citizens, however, comes the responsibility to protect them while they are on your site."
"Free Wi-Fi networks provide hackers, identity thieves and spammers alike with a smorgasbord of opportunities to steal private user information like passwords, usernames, and credit card information," the Senator added. "The quickest and easiest way to shut down this one-stop shop for identity theft is for major websites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol, which has become a welcome mat for would be hackers."
According to a Reuters report on Sunday, Schumer also called standard HTTP protocol "a welcome mat for would-be hackers" and said that programs were available that made hacking into another person's computer and swiping private information--unless secure protocol was used.
Recently, Facebook switched to the more secure HTTPS protocol, according to Bradley. While some features of the popular social networking website will not work over HTTPS, and while it is not the default setting for Facebook--users must manually make the change to enable it--the PC magazine reporter calls it "a step in the right direction."
According to Stan Schroder of Mashable, HTTPS or HTTP Secure is "a combination of the HTTP and SSL protocols, enabling encrypted communication between your computer and a web server."
"Without it you're exposed to sniffing attacks on the network," Schroder added. "For example, if you're using a public Wi-Fi to access Facebook via plain HTTP, someone using the Firesheep add-on for Firefox can easily retrieve your data. HTTPS makes it a lot harder to do that."
On the Net: