Is OAuth broken?

3/1/2010

Terence Eden wrote in his blog post that Twitter has a gaping security hole and that changing the password won’t stop malicious users logging in as you Implementation error I'd say that this is both Twitters fault and OAuth.

If you suspect that someone has compromised your account and you change the password, the OAuth token should be deletedEven though the documentation doesn't suggest it, the engineers that implemented it should make sure that if you change your credentials, the token is re....

Full story: Info Alert: oauth

Similar articles

The Rob blog

Is OAuth broken? Terence Eden wrote in his blog post that Twitter has a gaping security hole and that changing the password won’t stop malicious users logging in as you. Implementation error I'd say that t...

robertpohl - Twitter Search

Blogged: Is OAuth broken? http://bit.ly/1nMbF9 #twitter #security #hacking Blogged: Is OAuth broken? http://bit.ly/1nMbF9 #twitter #security #hacking

Info Alert: oauth

Blogged: Is OAuth broken? http://bit.ly/1nMbF9 #twitter #security #hacking Blogged: Is OAuth broken? http://bit.ly/1nMbF9 #twitter #security #hacking

Think Vitamin

Introduction to OAuth OAuth has been around for a few years now, but has been hitting the headlines lately when Twitter moved to requiring all authentication to be via OAuth for their APIs. This caused a lot of disruption ...

SeekingAlpha.com: Home Page

Broken? David Merkel submits: As I looked over the carnage that was the bond market yesterday, I was reminded of my piece 17 months ago called Broken…. But as I read that, I said to myself, &...

ASP.NET Weblogs

Twitter OAuth Authentication with TweetSharp The Twitter API is something that you may have learned to love and hate over the last while, but as of August 16th, you may have to change the way you access it. Basic Authentication i...

Comments on this article

Add your comment

Report