I’m trying out the new Android app for Path – the new social networking service. I’ve discovered something rather troubling…
Most of the app’s communication with the Path servers is over SSL. This means that no-one can see the data you’re sending and receiving. If there are snoops on your network, they …
QR-jacking is the act of covering up a QR code and replacing it with an alternative – often malicious – code.
Your carefully crafted code could be replaced by one which…
Points to a rival’s site.
Calls a premium rate phone number.
Redirects the user to a site which EXPOSES THE TRUTH BEHIND…
Goes to a non-legitimate site which …
Quick Summary
Twitter’s secure API hides the contents of the tweets you are reading. But it doesn’t hide the images of those you converse with.
Raised as Issue 2175.
A Bit More Detail
Twitter has a secure (HTTPS) and insecure (HTTP) API.
When calling the secure API, all the content of the returned message (tweets) are encrypted. Eavesdroppers …
Why doesn’t Twitter’s OAuth let me specify the length of time a 3rd party has access to my account? Take a look at all the crap you’ve given access to your Twitter account. Are you ever going to use that “See how many of your friends like cheese” app again? No.
Long time …
This morning, when I logged on to Twitter, I saw a user who I didn’t recognise tweeting away in my timeline.
I wracked my brains thinking about how they could have gotten in there before I realised it was a long-dormant friend who had changed their name and avatar.
But, in thinking about how a spammer …
Twitter have announced that all third party site will have to use OAuth. You will no longer be able to just type in your username and password to get access to Twitter via your favourite web client.
Usually, I would be a big fan of this move – especially if it forces password anti-pattern sites …
I’m a big fan of OAuth – despite some claims to the contrary. It’s an excellent way of teaching people not to stick their username and password into any old site which asks for it. Which is why I’m so incredibly disappointed in Twitter’s implementation of mobile OAuth.
For a service which started …
Twitter has a gaping security hole. Changing your password won’t stop malicious users logging in as you!
I received a rather worrying email from Twitter. Apparently they thought my password had been compromised and needed to be reset.
After checking to see if it was valid, I went and changed my password. Any site which relied …
Monitoring your home or business used to mean having an array of unsightly camera feeding grainy, washed out pictures into a row of VHS machines. In recent years we’ve seen the move to digital pictures, infra-red beams for night vision and, most recently, viewing over the Internet.
What’s the next logical step? Viewing on your …
Recent Comments