OAuth so Awful!

In the space of a fortnight, Twitter has suffered two nasty vulnerabilities that allow unauthorised account access. First it was a user's ability to maliciously insert JavaScript into their profile. Now it is OAuth, an open user authentication protocol used by a fair few sites, including Twitter.

Here is Twitter's official announcement of the issue.

Here is the Google Groups discussion.


