Sasha

Joined: 12 Jul 2010 Posts: 316 Location: Caribbean (kar-uh-bee-uhn) of Canada
|
Posted: Thu Sep 02, 2010 11:02 am Post subject: Twitter's OAuth security system |
|
|
Twitter's OAuth security system
Ars Technica
September 2, 2010 - Twitter officially disabled Basic authentication this week, the final step in the company's transition to mandatory OAuth authentication. Sadly, Twitter's extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong. This article will explore some of the problems with Twitter's OAuth implementation and some potential pitfalls inherent to the standard. I will also show you how I managed to compromise the secret OAuth key in Twitter's very own official client application for Android.

OAuth is an emerging authentication standard that is being adopted by a growing number of social networking services. It defines a key exchange mechanism that allows users to grant a third-party application access to their account without having to provide that application with their credentials. It also allows users to selectively revoke an application's access to their account.
I do not use Twitter or Facebook. This info is for those of you who do.
Ushahidi and Usenet are very useful.
_________________
The beginning of wisdom is to call things by their right names.
- Chinese proverb
Sasha

Joined: 12 Jul 2010 Posts: 316 Location: Caribbean (kar-uh-bee-uhn) of Canada
|
Posted: Fri Sep 24, 2010 11:09 am Post subject: 'Onmouseover' Bug Affecting Twitter |
|
|
'Onmouseover' Bug Affecting Twitter
Tech News Daily
September 21, 2010 - Sophos posted a blog explaining that a serious flaw in Twitter.com is allowing messages to pop up and third-party websites to open in the user’s browser. The security breach occurs when the user moves the mouse over a normal looking URL containing the code "onmouseover."
atm

Joined: 16 Apr 2006 Posts: 3578
|
Posted: Sat Sep 25, 2010 10:20 am Post subject: |
|
|
Just do not tweet. If you do, you must be a twitt
er...
atm  |
Sasha

Joined: 12 Jul 2010 Posts: 316 Location: Caribbean (kar-uh-bee-uhn) of Canada
|
Posted: Wed Sep 29, 2010 8:40 pm Post subject: |
|
|
Track Twitter
Science Daily
September 28, 2010 - A group of Indiana University information and computer scientists have unleashed Truthy.indiana.edu, a sophisticated new Twitter-based research tool that combines data mining, social network analysis and crowdsourcing to spy.