Wednesday, January 14, 2009

Twitter Leak

Gareth Heyes demonstrated on his blog that by exploiting a weakness in JSON, it is possible to extract the tweets of the visitor's friends.

Twitter has fixed this issue by making authentication on the friends timeline mandatory, as it already is on other pages with sensitive information.
Giorgio Maone, the creator of NoScript, shows that the JSON weakness can still be demonstrated on the public timeline page. Fortunately, this page is intended for public information.
