Feature: Compromising Twitter’s OAuth security system

2 September 2010



Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong. This article will explore some of the problems with Twitter’s OAuth implementation and some potential pitfalls inherent to the standard. I will also show you how I managed to compromise the secret OAuth key in Twitter’s very own official client application for Android.

OAuth is an emerging authentication standard that is being adopted by a growing number of social networking services. It defines a key exchange mechanism that allows users to grant a third-party application access to their account without having to provide that application with their credentials. It also allows users to selectively revoke an application’s access to their account.
