Today we have been made aware that Twitbin, the twitter client for firefox (we wrote about twitbin here ), fails the most basic password security tests. The problem is that it stores your username and password in plain text in a browser cookie. This is very bad practice.
Thanks to YABFOG's post for making us aware of this.
It is recommended that you uninstall Twitbin until such time that they provide proper security for your credentials.
- Twittown Editors's blog
- -35 points
Search TwitTown
Blog Categories
TwitTown Blog Top Ten
- Another windows client for Twitter - triQQr(130 points)
- Use Twitter in the Library(126 points)
- Use Twitter for Good Things!(124 points)
- Twitter article in the Guardian (UK)(115 points)
- Twitbin – The firefox Twitter plug in with ads(113 points)
- Of course Twitter is going to scale!(112 points)
- Twitter client for Zimbra Collaboration Suite(107 points)
- Digg, censors stories, shuts down submissions and then restores them(105 points)
- Twittervision Screensaver(100 points)
- Twittervision releases API to its twitter geo-locator service(99 points)
TwitTown Forge Top Ten
- Mobypicture(246 points)
- Vtwitter(176 points)
- Twittervision Screensaver(117 points)
- Thincloud(114 points)
- Flussgeist (L'Attente, The Waiting)(112 points)
- Firefox twitterbar(103 points)
- Twitter Earth(100 points)
- Maxthon Twitter plug-ins(98 points)
- Comment Twitter SMS Notification(96 points)
- Twitterfox(96 points)
Forum Activity
Who's online
There are currently 0 users and 8 guests online.
Comments
Beat me to it
Brian, you beat me to it. All fixed in Twitbin. http://www.yabfog.com/wp/2007/10/26/twitbin-fixes-security-flaw
Security risk fixed
Hey Twittown,
We've released a patch to this issue, it has already been uplaoded, and is live on the servers. All one has to do to get the update is clear their cache and their cookies.
Thanks for your patience,
Brian
Post new comment