Twitter Security Issue, Don’t use your main password

Today my friend was writing a small application to post updates to twitter. We found that the API is not secure (does not use SSL). I installed network packet capture programs and was able to capture the request headers what the twitter client was sending. It was basic authorization which is encoded using base64.

Is there anyway you can avoid this?

For now use simple password until twitter updates their API with SSL
Don’t fight with your network administrators 😉

–

By Imthiaz

Programmer, SAAS, CMS & CRM framework designer, Love Linux & Apple products, Currently addicted to mobile development & working @bluebeetle

View all of Imthiaz's posts.

2 comments

Hameedullah Khan says:

April 23, 2009 at 8:10 pm

Oauth is the answer, but unfortunately it is still in beta and currently temporarily disabled. 🙂
Michael Hendrickx says:

May 23, 2009 at 1:07 pm

Yes, a plain simple HTTP post to https://twitter.com/ 😉

Comments are closed.