Twitter OAuth feature can be abused to hijack accounts, researcher says

Lucian Constantin | April 12, 2013
The callback feature in Twitter's OAuth implementation can be abused, a researcher said at Hack in the Box.

The developer built an open-source OAuth library for Mac OS X that can be used to interact with the Twitter API and generate authorization links with rogue callback URLs. However, the library, which is called STTwitter, was built for legitimate purposes and is intended to add Twitter support to Adium, a popular multi-protocol chat client for Mac OS X.

According to Seriot, Twitter could prevent such attacks by disabling the callback functionality in its OAuth implementation. However, he doesn't believe that the company will do this, because it's technically a legitimate feature that's used by some clients.

Twitter did not immediately respond to a request for comment sent Thursday.

