permalink

2

Twitter Security Issue, Don’t use your main password

Today my friend was writing a small application to post updates to twitter. We found that the API is not secure (does not use SSL). I installed network packet capture programs and was able to capture the request headers what the twitter client was sending. It was basic authorization which is encoded using base64.

twitter-post-request-header

Is there anyway you can avoid this?

  • For now use simple password until twitter updates their API with SSL
  • Don’t fight with your network administrators 😉

2 Comments