Jacob West, CTO of Hewlett-Packard's Enterprise Security Products, explains why application misconfiguration is an issue and offers advice on how to limit the risks.
SAN FRANCISCO — Google has spent months and millions of dollars encrypting email, search queries and other information flowing among its data centers worldwide. Facebook’s chief executive said at a conference this fall that the government “blew it.” And though it has not been announced publicly, Twitter plans to set up new types of encryption to protect messages from snoops.
If you log into Twitter over unencrypted WiFi (for instance, at an airport lounge or at a conference) and you don't have HTTPS enabled, then a hacker on the same network could sniff your session cookie. And anyone who can sniff your session cookie can pretend to be you. That means they can post tweets as you or read your private direct messages. And you don't want that. Turning on full-time Twitter HTTPS keeps your session cookie encrypted in transit throughout your login session. That's definitely a good thing.