Tom

6 months ago

in louisgray.com: Hey Twitter, It's Not Just a Worm, It's an App on louisgray.com
I have to agree with Stiennon on this one. OAuth needs to be implemented, but it only solves third-party interactions with your account. OAuth does nothing to prevent traditional phishing attacks where you as a human mistakenly give your credentials to a fake site. Just like with any social media service (Facebook/Myspace), I can manually log in with stolen credentials and DM/spam friends and contacts. OAuth is only good when a third-party application is using your credentials, just like how FriendFeed uses the remote key solution for third-party authentications to FriendFeed. Having stolen FriendFeed credentials, I can still log on to FriendFeed as the victim. The remote key doesn't stop this type of attack. Twitter needs two-factor token-based authentication and OAuth for a complete solution.

1 reply

jessestay: Where this particular instance was a third-party attack, however, you have to admit OAuth would have fixed this phishing attack. Twitter's repeated mention that it wouldn't have makes no sense.

10 months ago

in DC16 Recap on SecuraBit
Had a great time with you guys at DC16... hope to see you at Shmoocon!

1 year ago

in SecuraBit Episode 4 on SecuraBit
Great show... not too many audio issues that I could tell... you must have fixed them.

BTW, thanks for the comments on securityjustice.com! We appreciate it!

1 year ago

in SecuraBit Episode 1 on SecuraBit
Great podcast so far! Looking forward to more!