Today my friend was writing a small application to post updates to twitter. We found that the API is not secure (does not use SSL). I installed network packet capture programs and was able to capture the request headers what the twitter client was sending. It was basic authorization which is encoded using base64.
Is there anyway you can avoid this?
- For now use simple password until twitter updates their API with SSL
- Don’t fight with your network administrators 😉