Gaping hole found in Twitter OAuth authentication process

September 4, 2010

TechEye.net, By Dean Wilson

Twitter recently ditched its Basic authentication method for OAuth authentication, which is intended to be more secure, but Ryan Paul at Ars Technica believes OAuth is inherently flawed and that Twitter has done a botched job at implementing it, making it an even greater security threat.

In a strongly worded diatribe Paul said the OAuth standard “has many significant weaknesses and limitations”, calling it “an inelegant hack that lacks maturity and fails to provide clear guidance on many critical issues that are essential to building a robust authentication system.”

