Even More XSS Worms

This morning I spotted several blog posts mentioning that Twitter has been hit by yet another XSS worm.

There is no merit in discussing how this has been done and for what purposes but this incident is yet another proof that the attack landscape is rapidly changing and moving towards web enabled infrastructures and the client-side. [...]

more | comments | comments rss | posted by

Twitter’s Security is so Poor

…and there are a lot of privacy concerns too.

IMHO, the way the Twitter folks designed their system, is totally wrong. The one and only major concern is that 3rd-part software is allowed to communicate with Twitter’s API by using the user’s login credentials. This is a bit insane as you can imagine. Why would you want to share your username and password with someone you certainly don’t trust? [...]

more | comments | comments rss | posted by