
Ashton Kutcher meets Firesheep, Twitter hacked

By George Ou, 3 March 2011

It appears that Ashton Kutcher has become a high-profile victim of Twitter’s negligence after someone at the TED conference hijacked Kutcher’s Twitter account using tools like Firesheep. The Twitter PR account @TwitterGlobalPR tweeted that Kutcher should have enabled SSL by typing HTTPS in front of twitter.com, but that deflects from the fact that it’s Twitter’s responsibility to keep its users safe. I and other security experts have warned for years that online services need to enable HTTPS SSL security by default, without requiring the user to manually turn it on.

A few months ago, I issued an online security report card that flunked a few online services like Facebook and Twitter. Facebook added a persistent SSL option that users have to enable manually, while Twitter wants users to type in HTTPS manually or install some other tool to enforce that setting automatically. Either solution leaves the vast majority of users wide open, since they don’t know about the setting. Last weekend, Senator Chuck Schumer joined the fight to make security a default setting when he sent letters to these negligent online services. Ashton Kutcher is just another victim of bad online security, but perhaps his pain and publicity can get Twitter and Facebook to do what they should have done a long time ago.
