As I have found out today, Twitterrific’s default behaviour is to use base64 encoding for logging into Twitter. Now, you may or may not care about that, but it is very insecure: base64 is an encoding, not encryption, so it is relatively trivial for someone to grab your username and password. Here is an easy way to make it safer.
The first method comes from Iconfactory via the PaulDotCom security podcast #107. Open a Terminal window (from /Applications/Utilities) and type:
defaults write com.iconfactory.Twitterrific protocol -string "https://"
then hit return.
The more user-friendly way, however, would be through Secrets[1], Blacktree’s excellent “hidden feature” enabler. If you have Leopard, install Secrets, have it update its database, then select Twitterrific from the sidebar. Change the “protocol handler” string as shown in the picture below to say “https://”.
Whichever you choose, restart Twitterrific and you should be much more secure. Little Snitch has confirmed that connections to Twitter are now HTTPS[2].
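Why the protocol change matters, as an added example that is not part of the original post or Iconfactory's code: it assumes the login is standard HTTP Basic authentication (base64 of "user:password" in an Authorization header) and classifies constructed request records by whether that header travels over plain HTTP or inside HTTPS. The host name, credentials and function names are hypothetical.

```python
import base64
import binascii
from urllib.parse import urlsplit


def decode_basic(header_value):
    """Return (username, password) from a Basic Authorization value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not valid base64 or not text: nothing to recover
    username, sep, password = decoded.partition(":")  # password may contain ':'
    return (username, password) if sep else None


def audit_request(url, headers):
    """Classify one request as 'exposed', 'protected' or 'no-credentials'."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    creds = decode_basic(auth) if auth else None
    if creds is None:
        return "no-credentials", None
    if urlsplit(url).scheme.lower() == "https":
        return "protected", creds[0]  # header travels inside the TLS tunnel
    return "exposed", creds[0]  # decodable by anyone on the network path


# Constructed sample requests (hypothetical host and credentials).
TOKEN = base64.b64encode(b"alice:s3cret:pw").decode("ascii")
SAMPLES = [
    ("http://api.example.test/statuses.xml", {"Authorization": "Basic " + TOKEN}),
    ("https://api.example.test/statuses.xml", {"authorization": "Basic " + TOKEN}),
    ("http://api.example.test/public.xml", {}),
    ("http://api.example.test/statuses.xml", {"Authorization": "Basic !!notb64"}),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_request(url, headers))
```

The same header value appears in the first two samples; only the URL scheme decides whether an observer on the network can read it.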
P.S. Look through Secrets some more, there may be other things you find useful as well.
[1] Grab from MacUpdate if the dev site is down.
[2] Technical jargon meaning that the above has worked and you are now secure.














