Twitter toughens security against government snooping
Forward secrecy key to stop spooks spying on users.


Twitter has implemented new technology to stop its users from being spied upon by government agencies, it said. The firm also called upon other technology firms to do likewise.

The microblogging service began encrypting communications using HTTPS in 2011 and said it had now rolled out an advanced level of protection for HTTPS called "forward secrecy".

In a blog post, Twitter security engineer Jacob Hoffman-Andrews said that since the adoption of HTTPS encryption, it has "become clearer and clearer how important that step was to protecting our users' privacy".

The move is in response to disclosures by former NSA contractor Edward Snowden about the widespread snooping carried out by the US government.

"As part of our continuing effort to keep our users' information as secure as possible, we're happy to announce that we recently enabled forward secrecy for traffic on twitter.com, api.twitter.com, and mobile.twitter.com," said Hoffman-Andrews.

"On top of the usual confidentiality and integrity properties of HTTPS, forward secrecy adds a new property. If an adversary is currently recording all Twitter users' encrypted traffic, and they later crack or steal Twitter's private keys, they should not be able to use those keys to decrypt the recorded traffic," he added.

Forward secrecy involves the use of ephemeral Elliptic Curve Diffie-Hellman key exchange (ECDHE). With it, no encryption key has to be sent between the client and server, where it could be intercepted by a third party and used to decrypt data.

"The client and server manage to come up with a shared, random session key without ever sending the key across the network, even under encryption," said Hoffman-Andrews.

Hoffman-Andrews urged other websites to implement HTTPS and make it the default setting.

"If you already offer HTTPS, ensure your implementation is hardened with HTTP Strict Transport Security, secure cookies, certificate pinning, and forward secrecy. The security gains have never been more important to implement."

"If you don't run a website, demand that the sites you use implement HTTPS to help protect your privacy, and make sure you are using an up-to-date web browser so you are getting the latest security improvements," he added.
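For site operators acting on that advice, the following added example (not code from Twitter or from the original article) audits a TLS cipher list for suites that lack forward secrecy and builds a server context restricted to ECDHE. The function names, the cipher string and the sample entries are assumptions made for illustration, using only Python's standard `ssl` module.

```python
import ssl

# Key-exchange labels (the "kea" field of ssl.SSLContext.get_ciphers()) that
# denote an ephemeral Diffie-Hellman exchange, i.e. forward secrecy.
EPHEMERAL_KEA = {"kx-ecdhe", "kx-dhe"}

# Constructed sample entries, shaped like get_ciphers() output, for a server
# that still offers static-RSA key transport next to ECDHE.
SAMPLE_LEGACY_SUITES = [
    {"name": "AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-rsa"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "kea": "kx-ecdhe"},
    {"name": "TLS_AES_128_GCM_SHA256", "protocol": "TLSv1.3", "kea": "kx-any"},
]


def is_forward_secret(suite):
    """Return True if a get_ciphers()-style entry uses an ephemeral key exchange."""
    # TLS 1.3 suites always use ephemeral (EC)DHE; OpenSSL reports them as "kx-any".
    if suite.get("protocol") == "TLSv1.3":
        return True
    # Anything unrecognised is treated as not forward secret (fail closed).
    return suite.get("kea") in EPHEMERAL_KEA


def non_forward_secret(suites):
    """Names of the suites whose recorded traffic a stolen server key could decrypt."""
    return sorted(s["name"] for s in suites if not is_forward_secret(s))


def hardened_server_context():
    """Server-side context limited to TLS 1.2+ with ECDHE key exchange only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Hypothetical cipher string: ECDHE with AEAD ciphers, no static-RSA suites.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


if __name__ == "__main__":
    print("legacy sample:", non_forward_secret(SAMPLE_LEGACY_SUITES))
    print("hardened ctx :", non_forward_secret(hardened_server_context().get_ciphers()))
```

The same `non_forward_secret()` check can be pointed at the `get_ciphers()` output of any existing `SSLContext` to see which enabled suites would expose recorded sessions if the server's private key were later compromised.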
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.