I first covered the Twitter HTTPS story last August. Twitter has at last now confirmed (13th February 2012) that it has enabled HTTPS by default for all users. Session cookie hacking (in particular on a public WiFi hotspot), sidejacking and see the Firefox plugin Firesheep story I wrote last year, have all contributed to Twitter rolling out this security enhancement to all its users. It’s taken some time, since I wrote my original post (above link), but we must applaud Twitter for spending (note I didn’t say ‘allocating’) resource on this important web user security issue.
The same cannot be said for Facebook who still haven’t rolled out default HTTPS for all users. One wonders whether this will happen given the cost and resource involved and with an IPO imminent. For those of you using Google Plus, HTTPS is on for all users by default. 🙂
Safe surfing folks!