
Twitter Security Hole! A Nightmare?

Thursday, December 11th, 2008

The Brian Shelar Blog raised an important issue regarding a serious security hole in Twitter. Basically, it describes how your Twitter account can be taken over once you share your Twitter login credentials with anyone. Afterwards, even changing your password doesn't help.

Another important issue with Twitter is that it has not implemented OAuth yet. OAuth is an open protocol that allows secure API authorization in a simple and standard way from desktop and web applications. Without it, any third party needs your login credentials in order to fetch your data from your Twitter account.
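A minimal model of that difference, as an added example that is not from the original post and is not Twitter's API: it simulates scoped, revocable tokens in the OAuth style rather than implementing the OAuth protocol, and every class, method, scope name and sample value in it is hypothetical.

```python
import hashlib, hmac, os, secrets

class Service:
    """Toy account service (hypothetical names; not Twitter's API)."""
    def __init__(self):
        self.users = {}    # user -> (salt, PBKDF2 hash of password)
        self.tokens = {}   # sha256(token) -> (user, app, scopes)

    def _kdf(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._kdf(password, salt))

    def check_password(self, user, password):
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def change_password(self, user, old, new):
        # Password-based access: whoever holds the password acts as the owner.
        if not self.check_password(user, old):
            return False
        self.register(user, new)
        return True

    def grant(self, user, password, app, scopes):
        # Delegated access: the owner authenticates to the service itself and
        # the app receives only a random token limited to the named scopes.
        if not self.check_password(user, password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.tokens[digest] = (user, app, frozenset(scopes))
        return token

    def authorize(self, token, scope):
        entry = self.tokens.get(hashlib.sha256(token.encode()).hexdigest())
        return entry is not None and scope in entry[2]

    def revoke(self, user, app):
        self.tokens = {d: e for d, e in self.tokens.items() if e[:2] != (user, app)}

def demo():
    svc = Service()
    svc.register("alice", "constructed-pw")   # constructed sample values
    token = svc.grant("alice", "constructed-pw", "rank-app", {"read:timeline"})
    can_read = svc.authorize(token, "read:timeline")
    can_takeover = svc.authorize(token, "account:write")
    svc.revoke("alice", "rank-app")           # owner cuts off this one app
    after_revoke = svc.authorize(token, "read:timeline")
    owner_ok = svc.check_password("alice", "constructed-pw")
    return can_read, can_takeover, after_revoke, owner_ok
```

The token lets the app read the timeline but not alter the account, and revoking it leaves the owner's password untouched; an app that was handed the password instead could call `change_password` itself.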

Remember the Twitterank scandal? Similar services like Twitter Karma and SocialToo ask for your Twitter login details to tell you your rank or some other info that is really of no use. But remember! Even if you don't care about your Twitter account being hacked, you ARE at risk, because the hacker might guess your login credentials for other services and accounts as well, or might even get to the login details of your financial services' online accounts. So it is always risky. Be careful when handing over your login credentials to any third party, especially when the service itself has loopholes.

The same applies when you invite your friends on Facebook, Orkut, MySpace, etc.: they ask you to enter your email and password. They also display a note that they don't store your email login information anywhere, and you have no other option except to trust them. And yes, there is no harm in trusting reputable brands, but think thrice before entering your login information into an unknown or just another third-party app or service. Some online FTP services are also reported to have such login-storing features, therefore don't just jump onto any unknown service.