[liberationtech] UPDATE - Re: potentially major security flaw in twitter
Hi all,

So an update. Essentially I've run into what some of you have probably previously mentioned: the impact of the OAuth protocol. For an uninformed user of Twitter, OAuth can cause them to provide access to their Twitter account from secondary devices even after changing passwords at the source.

Obviously this has huge implications for citizen journalists, activists, and human rights workers among others. Anyone who is detained and whose Twitter passwords become compromised (as well as other applications; I'm guessing the Facebook app for iPad also uses OAuth, though it may just store the password) is at risk of providing ongoing access to these apps if they fail to remove the OAuth authorization after changing their passwords.

Does anyone know of resources that have been produced to raise awareness about this issue, or similar issues? I'm wondering whether Small World News should put some effort into developing a more comprehensive social media security 101 that considers these technical issues as well as general best practices?

Regards

Brian

On Wed, Dec 21, 2011 at 5:38 PM, Brian Conley <brianc@smallworldnews.tv> wrote:
Hi all,
So I don't really want to broadcast this to an entire list of people whom I don't know, but I've found what is potentially a huge flaw in Twitter's security architecture. Can any of you connect me directly with someone at Twitter who is involved with security?
I will be happy to brief the list once it's fixed.
Brian
--
Brian Conley
Director, Small World News
m: 646.285.2046
Skype: brianjoelconley
public key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE827FACCB139C9F0
--
Brian Conley
Director, Small World News
http://smallworldnews.tv
m: 646.285.2046
Skype: brianjoelconley
public key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE827FACCB139C9F0
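The mechanism Brian describes, as an added illustration that is not code from the post, from Twitter, or from Small World News: a toy account service in Python in which an app that was authorized once holds a bearer token and never sees the password, so a password change alone leaves the token valid unless the service revokes outstanding grants on password change or the user removes the app manually. All class and function names here are hypothetical, and the "reporter" account, "tablet-client" app and passwords are constructed sample data.

```python
"""Toy model of OAuth-style delegated access and what a password change
does (and does not) do to it. Hypothetical names throughout; added example."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class AccessToken:
    value: str
    app_name: str
    issued_at: int          # deterministic counter standing in for wall-clock time
    revoked: bool = False


@dataclass
class Account:
    username: str
    password_hash: str
    tokens: dict = field(default_factory=dict)   # token value -> AccessToken


class Service:
    """Minimal account service. revoke_on_password_change selects the
    hardened behaviour (invalidate every delegated grant when the
    password changes); False models the behaviour the post describes."""

    def __init__(self, revoke_on_password_change: bool):
        self.revoke_on_password_change = revoke_on_password_change
        self.accounts = {}
        self.clock = 0

    def _tick(self) -> int:
        self.clock += 1
        return self.clock

    @staticmethod
    def _hash(password: str) -> str:
        # Demo only: a real service uses a slow, salted KDF (bcrypt/scrypt/argon2).
        return hashlib.sha256(password.encode()).hexdigest()

    def register(self, username: str, password: str) -> None:
        self.accounts[username] = Account(username, self._hash(password))

    def login(self, username: str, password: str) -> bool:
        acct = self.accounts[username]
        return hmac.compare_digest(acct.password_hash, self._hash(password))

    def authorize_app(self, username: str, password: str, app_name: str) -> str:
        """OAuth-style grant: the user logs in once, the app receives a token
        it keeps, and the password itself never reaches the app."""
        if not self.login(username, password):
            raise PermissionError("bad credentials")
        tok = AccessToken(secrets.token_urlsafe(16), app_name, self._tick())
        self.accounts[username].tokens[tok.value] = tok
        return tok.value

    def api_call_with_token(self, username: str, token_value: str) -> bool:
        """True if the app's stored token still grants access."""
        tok = self.accounts[username].tokens.get(token_value)
        return tok is not None and not tok.revoked

    def change_password(self, username: str, old: str, new: str) -> None:
        acct = self.accounts[username]
        if not self.login(username, old):
            raise PermissionError("bad credentials")
        acct.password_hash = self._hash(new)
        if self.revoke_on_password_change:
            for tok in acct.tokens.values():
                tok.revoked = True

    def revoke_app(self, username: str, app_name: str) -> None:
        """The manual step from the post: the user removes the app's
        authorization in account settings."""
        for tok in self.accounts[username].tokens.values():
            if tok.app_name == app_name:
                tok.revoked = True


def scenario(hardened: bool):
    """Run the sequence from the post: authorize an app on a second device,
    change the password, then revoke the app by hand.
    Returns (old_password_still_logs_in, app_works_after_change,
             app_works_after_manual_revoke)."""
    svc = Service(revoke_on_password_change=hardened)
    svc.register("reporter", "hunter2")                       # constructed sample account
    tok = svc.authorize_app("reporter", "hunter2", "tablet-client")
    svc.change_password("reporter", "hunter2", "correct horse battery staple")
    old_pw_ok = svc.login("reporter", "hunter2")
    after_change = svc.api_call_with_token("reporter", tok)
    svc.revoke_app("reporter", "tablet-client")
    after_revoke = svc.api_call_with_token("reporter", tok)
    return old_pw_ok, after_change, after_revoke


if __name__ == "__main__":
    print("as described in the post:", scenario(hardened=False))   # (False, True, False)
    print("revoke grants on change: ", scenario(hardened=True))    # (False, False, False)
```

In the first run the old password is dead but the tablet's token keeps working until the user finds and removes the app authorization; in the second, the service ties its token lifecycle to the password change and the stale grant dies with it. A "social media security 101" can put the same point in one line: after a compromise, change the password and then review and revoke every connected application.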