[liberationtech] UPDATE - Re: potentially major security flaw in twitter
brianc at smallworldnews.tv
Thu Dec 22 11:29:40 PST 2011
So an update. Essentially I've run into what some of you have probably
previously mentioned, the impact of the OAuth protocol.
For an uninformed user of twitter, OAuth can cause them to provide access
to their twitter account from secondary devices even after changing
passwords at the source.
Obviously this has huge implications for citizen journalists, activists,
and human rights workers among others. Anyone who is detained and whose
twitter passwords become compromised (as well as other applications, i'm
guessing the facebook app for iPad also uses OAUTH, though it may just
store the password) is at risk of providing ongoing access to these apps if
they fail to remove the OAuth authorization after changing their passwords.
Does anyone know of resources that have been produced to raise awareness
about this issue, or similar issues? I'm wondering whether Small World News
should put some effort into developing a more comprehensive social media
security 101 that considers these technical issues as well as general best
On Wed, Dec 21, 2011 at 5:38 PM, Brian Conley <brianc at smallworldnews.tv>wrote:
> Hi all,
> So I don't really want to broadcast this to an entire list of people whom
> I don't know, but I've found what is potentially a huge flaw in twitter's
> security architecture. Can any of you connect me directly with someone at
> Twitter who is involved with security?
> I will be happy to brief the list once its fixed.
> Brian Conley
> Director, Small World News
> m: 646.285.2046
> Skype: brianjoelconley
> public key:
Director, Small World News
liberationtech mailing list
liberationtech at lists.stanford.edu
Should you need to change your subscription options, please go to:
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy