Social Networking Security - Twitterank Issues
(Page 2 of 4)
The Twitterank fiasco was especially revealing. It demonstrated unequivocally that thousands of microbloggers were prepared to hand over their passwords in exchange for what amounted to little more than a random number.
In a sense we should perhaps be grateful to the experiment's originator Ryo Chijiiwa for exposing a danger that has been growing for months in parallel with Twitter's ever-increasing popularity. On little more than a whim, Chijiiwa spent a hotel-bound evening hacking together an application to generate a Twitter popularity "ranking" based on the volume of inbound tweets to any named account.
In order to accomplish this he was forced to tackle the same problem as that faced by hundreds of other developers of third-party Twitter add-ons: the only way to make a web service request to Twitter is by supplying an account name and password.
This creates an obvious and unacceptable security hazard: the account information of anyone who uses such an add-on is passed to Twitter via the unregulated third-party site set up by the developer. And however tempting and appropriate it is to criticize users for supplying their account details to persons unknown, the fact is that the problem is largely of Twitter's own making.
By failing to implement technology such as OAuth to provide secure third-party access to its services, the company has opened the way to a whole variety of phishing expeditions. The fact that Chijiiwa's experiment turned out not to be one should not provide anyone with even the slightest shred of reassurance.
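To make the difference concrete, here is an added example (not part of the original article, and not Twitterank's code) contrasting what a third-party site holds under password-based access with what it holds under an OAuth 1.0a signed request. It assumes the password travels as HTTP Basic authentication; the endpoint URL, keys, secrets and credentials are all constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample values for illustration only (assumptions, not from the article).
USER, PASSWORD = "alice", "correct horse battery staple"
URL = "https://api.example.test/1/mentions.json"
CONSUMER_SECRET, TOKEN_SECRET = "addon-secret", "per-user-token-secret"
OAUTH_PARAMS = {
    "oauth_consumer_key": "addon-key",        # identifies the add-on
    "oauth_token": "user-granted-token",      # identifies one user's grant, revocable
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1226000000",
    "oauth_nonce": "n0nce-constructed",
    "oauth_version": "1.0",
}

def pct(value):
    # Percent-encode everything except RFC 3986 unreserved characters.
    return quote(str(value), safe="")

def basic_auth_header(username, password):
    # Password-based access: the credentials are only base64-encoded, not protected.
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def recover_from_basic(header):
    # Whoever relays the header (the add-on's own server included) can read it back.
    user, _, pw = base64.b64decode(header.split(" ", 1)[1]).decode().partition(":")
    return user, pw

def oauth1_signature(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 over the signature base string (RFC 5849, section 3.4).
    normalized = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def oauth_header(method, url, params, consumer_secret, token_secret):
    # The add-on sends a token and a signature; the user's password never appears.
    sig = oauth1_signature(method, url, params, consumer_secret, token_secret)
    fields = dict(params, oauth_signature=sig)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))

if __name__ == "__main__":
    print("add-on can read:", recover_from_basic(basic_auth_header(USER, PASSWORD)))
    print("add-on sends   :", oauth_header("GET", URL, OAUTH_PARAMS,
                                           CONSUMER_SECRET, TOKEN_SECRET))
```

With the token model, the service can revoke one add-on's grant without the user changing a password, and a compromised add-on exposes only that token.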
More By Bruce Coker