Publications

Twitter goes OAuth-only (Yay for security!)

In a long overdue move, Twitter turned off basic authentication for third-party applications, while enforcing OAuth for all apps. This is a move that should be applauded by anyone concerned about the security of their Twitter account.

This latest move covers a potential vulnerability in the process of giving read/write access to third-party applications, which could lead to a Twitter account being compromised. Well, not anymore. You don’t need to give your username and password to third-party developers anymore if you want to use their application on your Twitter account.

Being always concerned about security, I salute Twitter’s move to enforce OAuth. This lets me use an application without having to share my Twitter username and password with an unknown entity. Also, hats off to all developers that updated their applications in time and made this change as seamless as possible for the majority of users.

However, keep in mind that OAuth doesn’t protect against local attacks – stealing passwords straight from the users’ machines. Make sure you use a clean computer when you log-in to Twitter. Also, for more tips on staying safe, I invite you to read my quick How to Avoid Getting Your Twitter Account Hacked guide on Threatpost.

Twitter goes OAuth-only (Yay for security!)

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

Subscribe to our weekly e-mails

The hottest research right in your inbox