U.S. Senator Charles Schumer of New York called on websites including Facebook to secure content accessed via wireless networks.
The Democratic senator held a press conference in Manhattan this weekend, where he told reporters that free WiFi access provided by cafes and restaurants make it easy for hackers to eavesdrop people’s Internet use to collect people’s personal data including passwords and credit card numbers. Reuters quoted Schumer saying:
The number of people who use WiFi to access the Internet in coffee shops, bookstores and beyond is growing by leaps and bounds. The quickest and easiest way to shut down this one-stop shop for identity theft is for major Web sites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol [which is] a welcome-mat for would-be hackers.
Schumer put these concerns in a letter that went out to major websites, asking them to default to secure addresses beginning with https:// — saying he believed that many sites have been too slow to address a security flaw publicly known since at least 2007.
Do you think Facebook needs to make all access of the website default to the secure address, or should it be the individual’s responsibility?
As if the good hackers won't be able to bypass a secured connection?
Comment by mark — February 28, 2011 @ 11:07 am
Why is this story even listed on this blog? Schumer has a weekly press conference every Sunday to try and get attention before he moves onto this next topic.
Comment by clj124 — February 28, 2011 @ 12:32 pm
Getting past a secure connection is a hell of a lot harder than an unsecured one. Fair enough that they don't secure the newsfeed but not securing people's marketing data is a bit of a joke. With very little knowledge it would be possible for hackers to do things like see potentially sensitive ad performance reports and maybe even start running ads on other people's credit cards! Most of the other PPC ad providers have secure connections to their ad management interfaces. I thought it was just standard until using the Facebook Ads Manager.
Comment by Ewan Heming — February 28, 2011 @ 9:34 pm
Sites that handle personal information and communication should default to secure connections.
Before Facebook makes that the default, though, they need to fix a huge flaw. There are some FB apps that don't support secure connections. When you go to one of those apps FB prompts to switch to HTTP. Although the prompt doesn't say so, this isn't a temporary switch, it actually changes the FB setting to non-secure. This guarantees that few people will keep the secure connection setting.
Comment by DPWally — March 1, 2011 @ 12:22 am
I think Chuck Schumer should focus on what he knows best, which is politics. WiFi Spots are only a small concern. Maybe awareness training would be more helpful. We can start off with the NYC.GOV site.
http://rcda.nyc.gov/search.asp?txtKeyWord=%27%22%...
once they fix nyc.gov they can goto the senate.gov site which have been vulnerable since 2008.
http://xssed.com/archive/author=xylitol/page=37/
Chuck, focus on government security before corporate security!
Comment by @robinsage — March 1, 2011 @ 3:00 am