Schumer calls for web site security


| brennison@queenscourier.com |

The proliferation of public WiFi, in bookstores, coffeehouses, parks and anywhere else it is available, is making user’s private information vulnerable.

U.S. Senator Chuck Schumer has sent providers of major web sites letters asking them to tighten their sites’ security, by switching to the secure HTTPS protocol from the standard HTTP protocol.

Simple programs, like Firesheep, which was released in October, allow hackers and identity thieves to easily access personal information, passwords, user names, and credit card information, when they browse on unprotected web sites over unsecured WiFi.

When users type their username and password into a web site it is usually encrypted, but the cookie, which is sent back to your computer containing private information stored on the web site, often is not, allowing people potential access to this information.

This is because all users that are using the WiFi are operating on the same network, making it easier to access a user’s computer.

Programs like Firesheep could be targeted by law enforcement officials for restriction, but others would quickly replace it.

“This security problem has been known for quite some time and hackers are getting better at creating programs that allow even the most inexperienced users the ability to hack into someone else’s computer,” said Schumer, noting that since trying to get rid of every new hacking program that is created, security is a more practical step.

Banks, PayPal and many other sites that handle sensitive information use the HTTPS protocol. You will know if you are on a secure site by seeing those letters before the web address or you may see a shield or lock indicating security. But many sites, some of the most commonly used on the web, still do not, including Twitter, Amazon and Yahoo. This is what prompted Schumer to send out letters calling for these web sites to improve protection for users, telling them they are already “a leader in the field of business; I hope you will take this opportunity to step up and become a leader in the field of consumer protection as well.”

Eric Butler, the creator of Firesheep, wrote on his web site when he released this program in October that this too was his intent, writing, “Web sites have a responsibility to protect the people who depend on their services.” Butler wrote that he wanted to show just how serious the problem was, a problem he wrote web sites have known for years.