Movie star Ashton Kutcher, perhaps best known to many people as Mr Demi Moore, appears to have had his Twitter account compromised while he attended the brainbox TED Conference in Long Beach, California. And the suspicion has to be that a lack of SSL encryption was to blame.
Messages posted to Ashton Kutcher's 'aplusk' account, which were shared with his more than 6.4 million Twitter followers, said:
Ashton, you've been Punk'd. This account is not secure. Dude, where's my SSL?
and
P.S. This is for those young protesters around the world who deserve not to have their Facebook & Twitter accounts hacked like this. #SSL
Tools such as Firesheep make it child's play for anybody sitting close to you to jump onto your Facebook or Twitter session if you're using unencrypted WiFi without an SSL connection, for example at a free WiFi hotspot.
Wouldn't it be great if Twitter forced the use of HTTPS at all times? Clearly whoever hacked into Ashton Kutcher's Twitter account feels the same.
The insecure Twitter and Facebook accounts of some celebrities offer a very tempting target for cybercriminals who may wish to spread their dangerous or spammy links to millions of followers. We should just be grateful that on this occasion the hack appears to have taken place to promote better awareness of the need for better security, rather than with more malicious intent.
Other star speakers at the TED conference include Microsoft's Bill Gates, musician Bobby McFerrin, filmmaker Morgan Spurlock, musician Jason Mraz and bigwigs from the Ford Motor Company and Pepsi. Let's hope they're more careful if they decide to access their social media accounts from the conference.
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
No, social sites aren't doing enough to secure.
Even on facebook, you need to go into the account, security settings and re-check the box for https every single time you go into a different app. Even then, some apps have a message saying you can not use the app with the secure setting
That's just awesome! I love it when hackers hack just to make a point. I agree with the hacker, these sites need to move to ssl for better security.
"Wouldn't it be great if Twitter forced the use of HTTPS at all times? " -- Yes! And there's an emerging standard for how to do that: HTTP Strict Transport Security -- https://secure.wikimedia.org/wikipedia/en/wiki/HT...