Massive Twitter Security Flaw

For a Twitter user who does not know how OAuth works, an OAuth authorization can leave secondary devices with access to their Twitter account even after the password has been changed at the source.

Obviously this has huge implications for citizen journalists, activists, and human rights workers, among others. Anyone who is detained and whose Twitter passwords become compromised (the same goes for other applications; I'm guessing the Facebook app for iPad also uses OAuth, though it may just store the password) is at risk of providing ongoing access to these apps if they fail to remove the OAuth authorization after changing their passwords.
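The behaviour described above, modeled as an added example (not part of the original post and not Twitter's code): a toy token store in which an app's grant stays valid across a password change unless the server revokes it. The class, method and app names are hypothetical.

```python
import hashlib
import secrets


class AccountService:
    """Toy model of a service that issues OAuth-style access tokens (hypothetical)."""

    def __init__(self, revoke_on_password_change=False):
        self.revoke_on_password_change = revoke_on_password_change
        self._password_hash = {}   # user -> password hash
        self._grants = {}          # token -> (user, app name)

    @staticmethod
    def _hash(password):
        # Plain SHA-256 keeps the model short; a real service uses a password KDF.
        return hashlib.sha256(password.encode()).hexdigest()

    def register(self, user, password):
        self._password_hash[user] = self._hash(password)

    def authorize_app(self, user, password, app):
        """User logs in once and approves an app; the app keeps only the token."""
        if self._password_hash.get(user) != self._hash(password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(16)
        self._grants[token] = (user, app)
        return token

    def api_call(self, token):
        """Token-authenticated request: the password is never consulted."""
        return token in self._grants

    def list_apps(self, user):
        return sorted(app for u, app in self._grants.values() if u == user)

    def revoke_app(self, user, app):
        self._grants = {t: g for t, g in self._grants.items() if g != (user, app)}

    def change_password(self, user, new_password):
        self._password_hash[user] = self._hash(new_password)
        if self.revoke_on_password_change:
            # Hardened behaviour: a password change also drops every app grant.
            self._grants = {t: g for t, g in self._grants.items() if g[0] != user}
```

With the default setting, a token issued before `change_password` keeps working until `revoke_app` is called, which is the manual step the post says must follow a password change.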

Symbols of Decay is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.