Security Hero Rotating Header Image

Security flaw leads Twitter, others to pull OAuth support

Security flaw leads Twitter, others to pull OAuth support

A security hole in OAuth, the open-source protocol that acts as a “valet key” for users’ log-in information, has led services like Twitter and Yahoo to temporarily pull their support, CNET News has learned.

Some developers were dismayed when Twitter pulled its support for OAuth, which it had only recently started to implement: blogger Jesse Stay wrote in a post about other restrictions to Twitter’s developer API that its removal of OAuth is one of a number of recent examples of how the microblogging service has “pulled the rug out from under its developers.”

In the interest of online safety, CNET News has chosen not to make the details of the security hole public. Here are the basics: The hole makes it possible for a hacker to use social-engineering tactics to trick users into exposing their data. The OAuth protocol itself requires tweaking to remove the vulnerability, and a source close to OAuth’s development team said that there have been no known violations, that it has been aware of it for a few days now, and has been coordinating responses with vendors. A solution should be announced soon.


Leave a Reply

Your email address will not be published. Required fields are marked *