"Dude, where's my SSL?"
Less than a week after New York Senator Charles Schumer called out Twitter by name for incomplete SSL implementation (along with Yahoo and Amazon) the popular social networking site finds itself in the SSL media crosshairs once again. Specifically, Ashton Kutcher had his Twitter account taken over. The thief tweeted a pair of messages, which were
Ashton, you've been Punk'd
This account is not secure. Dude, where's my SSL?
While it's to Twitter's discredit that such a high profile service hasn't even secured its login pages at this late date, unfortunately Twitter is not alone. A quick look around the web reveals that in addition to Twitter I can login in the clear on MySpace, Digg, Reddit, Orkut, Friendster, Tribe.net, StumbleUpon, and JDate. I'm sure there are many more, but I got sick of looking, and this list should illustrate my point. Not good marks for the social networking world. Maybe this increased attention will motivate these sites and others to properly implement SSL to protect their users from account takeover like you see here.