Duane Roelands wrote:
> There was a great opportunity here for Twitter to be a security leader
> in the social network space by saying "We don't want our users giving
> their Twitter credentials to anyone except Twitter". It's a shame
> they didn't stick to their gun; the result is going to be a
> less-secure ecosystem.
>

One potential middle ground, that would require enforcement manpower but potentially create a win-win scenario, is to say that web apps are not allowed to use the u/pw OAuth flow except as a migration strategy, and punish (by deactivation) apps that do not comply.

- Michael

--
mouse, n: A device for pointing at the xterm in which you want to type.
Confused by the strange files? I cryptographically sign my messages.
For more information see <http://www.elehack.net/resources/gpg>.