Simon Willison’s Weblog

Quotations tagged security, phishing

Filters: Type: quotation × security × phishing ×


The username/password key’s major disadvantage is that it open all the doors to the house. The OAuth key only opens a couple doors; the scope of the credentials is limited. That’s a benefit, to be sure, but in Twitter’s case, a malicious application that registered for OAuth with both read and write privileges can do most evil things a user might be worried about.

Alex Payne # 5th January 2009, 10:47 am

OAuth came out of my worry that if the Twitter API became popular, we’d be spreading passwords all around the web. OAuth took longer to finish than it took for the Twitter API to become popular, and as a result many Twitter users’ passwords are scattered pretty carelessly around the web. This is a terrible situation, and one we as responsible web developers should work to prevent.

Blaine Cook # 14th August 2008, 10:01 am

The statement that the password anti-pattern “teaches users to be phished” should be rephrased “has taught users to be phished”

Me, on Twitter # 13th August 2008, 12:52 pm

A typical phishing email will have a generic greeting, such as ’Dear User’. Note: All PayPal emails will greet you by your first and last name.

PayPal's Phishing Guide # 22nd September 2007, 2:33 pm

Why don’t we have a .bank or .bank.country_code TLD that’s regulated by the same people that regulate the banks themselves?

Dean Wilson # 7th January 2007, 10:22 pm