Compromising Twitter’s OAuth security system

[Ryan Paul for Ars:][link]

> Twitter officially disabled Basic authentication this week, the final step in the company’s transition to mandatory OAuth authentication. Sadly, Twitter’s extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong. This article will explore some of the problems with Twitter’s OAuth implementation and some potential pitfalls inherent to the standard. I will also show you how I managed to compromise the secret OAuth key in Twitter’s very own official client application for Android.

via [Schneier][via]

[link]: “Compromising Twitter’s OAuth security system”
[via]: “Bruce Schneier’s post on this”


PHP OAuth for LinkedIn WITHOUT Using PECL or Zend

Work-related plea: [Has anyone gotten LinkedIn’s API to play nice with PHP5 without the use of the PECL OAuth library or Zend’s?][link]

To the non-coders here: These are all Things, I promise. I did not make them up.

[link]: “LinkedIn Developer Network: PHP OAuth WITHOUT Using PECL or Zend?”