We're in contact with TwitPic's developer, and we reach out to developers with security issues. We want to keep the "barrier to entry" as low as possible on the Twitter platform, and a vetting system doesn't dovetail with that philosophy.

On Mon, Jun 29, 2009 at 16:03, Scott Haneda <[email protected]> wrote:

> Got to love these headlines:
> http://mashable.com/2009/06/28/britney-spears-dead/
>
> They clearly point the finger at twitter in the headline, but reading on,
> and it is clearly a twit pic issue.
>
> I see these all over the place. Have you considered some sort of vetting
> system for sites that are asking for twitter credentials on a 3rd party
> site?
>
> I can see that twitpic may not be able to use o-auth, as they want to be
> able to stand alone and an image host. If there was some sort of
> communication where you worked with the large sites like twit pic, it may
> help. As it is now, I fell for it, I read the headline, and thought it was
> a twitter issue.
>
> Just some food for thought.
>
> On Jun 29, 2009, at 3:54 PM, Alex Payne wrote:
>
>> Any recent celebrity-related compromises I'm aware of have been, as you
>> said, "media 'hacking'". The last issue I'm aware of that resulted from
>> actually taking advantage of a security flaw in our system was the
>> "Mikeyy" worm that was going around for a weekend several months ago.
>> We've done a lot of security work since then, and there's more in
>> progress.
>>
>> On Mon, Jun 29, 2009 at 15:40, Scott Haneda <[email protected]> wrote:
>>
>>> I heard the other day that in the wake of the MJ stuff, a few high
>>> profile celebs' accounts were hacked. Is this media "hacking" and there
>>> were just weak passwords, or their email accounts were compromised, or
>>> were these real live hacks where someone brute forced, or did otherwise
>>> nefarious acts to get in.
>>>
>>> Some clarification on these events would help to let us know where and
>>> how people are getting in, so we can tighten things up on our end. If
>>> the hacks are just email accounts being gotten into, there is nothing
>>> twitter apps need to do. If it is something else, there may be other
>>> things we can do to keep the accounts safe.
>
> --
> Scott * If you contact me off list replace talklists@ with scott@ *

--
Alex Payne - Platform Lead, Twitter, Inc.
http://twitter.com/al3x
