Kashmir Hill discusses the current controversy over a Firefox add-on, Firesheep, that allows a user who has installed it to hijack social media accounts (or any accounts, for that matter) that are open over an unsecured wi-fi connection (think Starbucks).
Since the add-on was released, a lot of people, this blogger included, have asked why https isn’t the default instead of http. The answers to that have been varied, with some people citing speed, some citing bandwidth, some citing cost as explanations. But the bottom line, I think, is that some recent demonstrations have raised public awareness to the level where the big players are going to have to offer more secure connections, as Google has already started to do. We cannot put the onus on the users who — even when they’re told “Hey, I’m in your account” — still do not change their behavior. Maybe they don’t care or perhaps (and more likely), they’re often clueless as to what to do.
Isn’t it time to make security seamless from the user perspective by having better security be the default? I think so.
You can read more about this on Forbes.