Twitter OAuth API Keys Leaked
Posted by Philipp, 03/07/2013 07:19 PM
The OAuth keys and secrets that official Twitter applications use to access users' Twitter accounts were leaked in a post to GitHub this morning.
From Threatpost:
The consumer keys and secrets, which function similarly to a username and password, were posted for Twitter for iPhone, Android, iPad, Mac, Windows Phone and TweetDeck. Unapproved third-party applications can now use these secrets to impersonate legitimate third-party apps and circumvent any access control measures Twitter has in place for unofficial apps.
“In OAuth, the consumer keys identify your application (eg. if you had a third-party Twitter client like HootSuite). Therefore, the impact is that someone can take your app's consumer key and use the OAuth API pretending to be your application (eg. I can make API calls pretending to be the HootSuite application),” said Jon Oberheide, CTO and cofounder of Duo Security, a hosted two-factor authentication service for mobile devices. Oberheide downplayed the security implications of the leak, adding that there could be indirect risks that are specific to a particular application or service.
Read More @: Twitter OAuth API Keys Leaked
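The point made in the quote, seen from the provider's side, as an added example (not code from the original post, from Threatpost or from Twitter): an OAuth 1.0a HMAC-SHA1 signature proves only that the sender holds the consumer secret and the user's token secret, so the provider attributes a request to whichever app the key names until that secret is rotated. The keys, secrets, token, host and function names are constructed placeholders, and the user is assumed to have already authorized the token.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # Percent-encode per RFC 5849 section 3.6 (only unreserved characters stay literal).
    return quote(str(value), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 over "METHOD&url&sorted-params", keyed with both secrets.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

# Constructed provider-side records; none of these values are real credentials.
APPS = {"official-key": {"name": "Official Client", "secret": "secret-shipped-in-binary"}}
TOKEN_SECRETS = {"user-token": "user-token-secret"}

def attribute_request(method, url, params, signature):
    """Provider-side check: name of the app the request is attributed to, or None."""
    app = APPS.get(params.get("oauth_consumer_key"))
    token_secret = TOKEN_SECRETS.get(params.get("oauth_token"))
    if app is None or token_secret is None:
        return None
    expected = sign(method, url, params, app["secret"], token_secret)
    return app["name"] if hmac.compare_digest(expected, signature) else None

URL = "https://api.example.test/1.1/statuses/home_timeline.json"  # placeholder host
PARAMS = {
    "oauth_consumer_key": "official-key", "oauth_token": "user-token",
    "oauth_nonce": "constructed-nonce", "oauth_timestamp": "1362683940",
    "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0", "count": "5",
}

def signed_by_any_holder(consumer_secret):
    # Nothing here depends on which program runs it, only on the secret it holds.
    return sign("GET", URL, PARAMS, consumer_secret, TOKEN_SECRETS["user-token"])

if __name__ == "__main__":
    sig = signed_by_any_holder("secret-shipped-in-binary")
    print(attribute_request("GET", URL, PARAMS, sig))   # attributed to the official app
    APPS["official-key"]["secret"] = "rotated-secret"   # provider rotates the credential
    print(attribute_request("GET", URL, PARAMS, sig))   # old signature no longer accepted
```

Because the secret ships inside every copy of a distributed client, the provider can treat the consumer key as an identifier for policy and rate limiting but not as proof of which software sent the request.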