PaulDotCom mailing list archives
Twitter Hijacking
From: softreset64738 at gmail.com (Soft Reset)
Date: Fri, 20 Nov 2009 10:36:51 -0800
I just noticed it and was wondering if anyone else had. Twitter has their "authenticity_token" as a 'hidden' input on forms...including password changes, resets, etc.

Anyone tried hijacking a Twitter login to verify this is bad form (no pun intended)? Don't want to re-invent the wheel if someone already did it. If someone has tried it successfully, has it been brought up to the Twitter folks as a push for full SSL sessions? (yeah, I know SSL is also having issues at the moment, but still...)

--sr6