NY Senator wants HTTPS to be default

New York Senator Charles Schumer has called on America's largest sites to make the HTTPS protocol the default for their sites in an effort to prevent ID theft when users hop on public Wi-Fi at places like Starbucks and McDonalds.

The Senator says the growth of public Wi-Fi spots is making it easier for hackers to steal info like credit card numbers and passwords for banking institutions.

Says Schumer (via Reuters):

The number of people who use WiFi to access the Internet in coffee shops, bookstores and beyond is growing by leaps and bounds.

The quickest and easiest way to shut down this one-stop shop for identity theft is for major Web sites to switch to secure HTTPS web addresses instead of the less secure HTTP protocol.

HTTP, says the Senator, is a "welcome mat for would-be hackers." Most major site operators, outside of the banking institutions, use HTTP as the default, even if they do have HTTPS versions.

Written by: Andre Yoskowitz @ 28 Feb 2011 16:45

ROMaster2

I do not oppose this.

28.2.2011 18:10 #1

xaznboitx

still can hack even using that site as default .

28.2.2011 19:45 #2

GryphB

Meh, I don't think it should be mandatory. But those people should realize that they are on someone else's network and are subject to whatever happens.

28.2.2011 21:24 #3

xyqo

Did I step in to the twilight zone or something? A politician said something tech related that makes sense.

Next weeks episode: Sony will start to care about consumers. And even drop all current lawsuits then restore other OS in the next ps3 update.

XXYYQQOO!!! Yeah WELCOME TO JAMROCK

28.2.2011 22:01 #4

KillerBug

Originally posted by xyqo: Did I step in to the twilight zone or something? A politician said something tech related that makes sense.

Next weeks episode: Sony will start to care about consumers. And even drop all current lawsuits then restore other OS in the next ps3 update. LoL...that seems to be the size of it. I am still trying to find the evil and corruption in this plan; after all...it comes from a politician, it can't possibly be a good thing. Maybe he owns stock in a company specializing in secure networks or something.

1.3.2011 01:36 #5

ps3lvanub

Not every single politician is a dickhead... Just 99% of them.

OMG! COD6 TENTH HACK WITHOUT JTAG!

1.3.2011 03:04 #6

Clam_Up

If it wasn't a politician talking I'd probably be less skeptical. Politicians just like to get their name on as many proposals as possible regardless of how much sense they make.

Besides, how tough is it to see the padlock and the https:// in a browser window? It seems unnecessary to me.

Also, it isn't trivial to set up a secure certificate. It's a few more hoops to be jumped through. I can see quite a few websites that don't do SSL just going offline if it passes. I'd hardly call that progress.

1.3.2011 03:27 #7

KillerBug

Got it...if every site needed an SSL cert, then sites like wikileaks could be in danger of being blocked to the majority of the tech-illiterate public simply by revoking the cert.

I knew that a politician couldn't be doing good!

1.3.2011 06:03 #8

molsen

It's Schumer, he never does anything for the good of the people. It's a grandstanding tactic to get something else pass. He is bringing this issue to light, so when a bill is created he can add pork to it and use this SSL as the main reason. He has done this many times. I wish people of NY can see this.

1.3.2011 07:36 #9

lissenup2

Probably one of the best ideas ever. Never could figure out why this was the de facto from the start. There's no harm in it, no inconvenience and therefore, why not just go this route. Good for that politician. He may be exempt from a public execution.

1.3.2011 13:34 #10

Clam_Up

Originally posted by lissenup2: Probably one of the best ideas ever. Never could figure out why this was the de facto from the start. There's no harm in it, no inconvenience and therefore, why not just go this route. Good for that politician. He may be exempt from a public execution. Yeah, the more I think about it, the more this scares me. On the surface it looks like a great idea and some will be all for it. But having gone through the process of implementing SSL myself, I can see how it could easily be used to take down sites that aren't "approved of" by whoever in power doesn't like them.

If it's restricted only to the largest sites, that's fine. But will it stay a restriction only for those sites? Who determines which sites must adhere to it and which don't?

Be afraid. Be very afraid.

1.3.2011 15:43 #11

ps3lvanub

I can't see every single site being forced to go secure. It will kill half of the internet.

OMG! COD6 TENTH HACK WITHOUT JTAG!

1.3.2011 16:55 #12

lissenup2

Originally posted by Clam_Up: Originally posted by lissenup2: Probably one of the best ideas ever. Never could figure out why this was the de facto from the start. There's no harm in it, no inconvenience and therefore, why not just go this route. Good for that politician. He may be exempt from a public execution. Yeah, the more I think about it, the more this scares me. On the surface it looks like a great idea and some will be all for it. But having gone through the process of implementing SSL myself, I can see how it could easily be used to take down sites that aren't "approved of" by whoever in power doesn't like them.

If it's restricted only to the largest sites, that's fine. But will it stay a restriction only for those sites? Who determines which sites must adhere to it and which don't?

Be afraid. Be very afraid. Never thought of it like this. How depressing.

1.3.2011 19:59 #13

Mrguss

For More Info or download HTTPS:

http://gizmodo.com/#!5774952/no-one-is-safe-from-firesheep-not-even-ashton-kutcher

Firefox Users:
https://www.eff.org/https-everywhere

The plugin works for:

* Google Search
* Wikipedia
* Twitter
* Facebook
* bit.ly
* GMX
* Wordpress.com blogs
* The New York Times
* The Washington Post
* Paypal
* EFF
* Tor
* Ixquick
* and many other sites!

+4000

3.3.2011 03:15 #14

KillerBug

You don't need to download anything...just type https:// instead of http://

3.3.2011 06:16 #15

FredBun

Originally posted by ps3lvanub: Not every single politician is a dickhead... Just 99% of them. Wrong! 99.9999% are.

4.3.2011 11:23 #16

editmon

Originally posted by ps3lvanub: Not every single politician is a dickhead... Just 99% of them. Give me a billion dollars and I can get a plush toy in the Oval Office. ;)

4.3.2011 13:15 #17

Mr-Movies

Originally posted by molsen: It's Schumer, he never does anything for the good of the people. It's a grandstanding tactic to get something else pass. He is bringing this issue to light, so when a bill is created he can add pork to it and use this SSL as the main reason. He has done this many times. I wish people of NY can see this. I'll second that!

4.3.2011 14:39 #18

stonegod5

Beware of anything this politician says. He is as crooked as they come. There must be something on the back end for him or he would not bother talking about it. There are probably other amendments to the bill that let them (Government) see what you are doing or track you in some way.

4.3.2011 23:38 #19

jvwheel

Originally posted by xyqo: Did I step in to the twilight zone or something? A politician said something tech related that makes sense.

Next weeks episode: Sony will start to care about consumers. And even drop all current lawsuits then restore other OS in the next ps3 update. It's too late for Sony; they have lost billions of customers worldwide over their behavior this past year.

5.3.2011 01:47 #20

AfterDawn: News