Twitter tightens security against NSA snooping
The company calls on others to embrace 'perfect forward secrecy'
IDG News Service - Twitter has implemented new security measures that should make it more difficult for anyone to eavesdrop on communications between its servers and users, and is calling on other Internet companies to follow its lead.
The company implemented "perfect forward secrecy" on its Web and mobile platforms, it said Friday. The technology should make it impossible for an organization to eavesdrop on encrypted traffic today and decrypt it at some point in the future.
At present, the encryption between a user and the server is based around a secret key held on the server. The data exchange cannot be read but it can be recorded in its encrypted form. Because of the way the encryption works, it's possible to decrypt the data at some point in the future should the server's secret key ever be obtained.
With perfect forward secrecy, the data encryption is based on two short-lived keys that cannot be later recovered even with the knowledge of the server key, so the data remains secure.
It's an important principle, because while encryption traffic is difficult to break with current computer technology, innovations in computing hardware and systems might make it easier to break in the future. Perfect forward secrecy should ensure data remains secure no matter the advances in computer technology.
Twitter didn't provide a reason for the switch, but it linked to a blog post by the Electronic Frontier Foundation that suggested the method be used as a way to stop the National Security Agency (NSA) or another party from snooping on Internet communications.
Of course, much of what is sent over Twitter is destined to be public anyway, but the service does support a direct messaging system between two clients that is hidden from public view.
In a blog post introducing the new security, the company said it believes it "should be the new normal for web service owners."
"If you are a webmaster, we encourage you to implement HTTPS for your site and make it the default. If you already offer HTTPS, ensure your implementation is hardened with HTTP Strict Transport Security, secure cookies, certificate pinning, and Forward Secrecy. The security gains have never been more important to implement."
It's important to note that while the technology safeguards against eavesdropping, it won't affect the ability of law enforcement agencies to obtain information from Twitter through conventional legal channels.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts