Simon Willison’s Weblog

The Anatomy Of The Twitter Attack. Long-winded explanation of the recent Twitter break-in, but you can scroll to the bottom for a numbered list summary. The attacker first broke in to a Twitter employee’s personal Gmail account by “recovering” it against an expired Hotmail account (which the attacker could hence register themselves). They gained access to more passwords by searching for e-mails from badly implemented sites that send you your password in the clear.

# 20th July 2009, 12:55 am / gmail, hotmail, passwords, security, twitter

identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin.

# 4th October 2007, 2:53 pm / dopplr, facebook, fowa, fowa2007, gmail, identitymatcher, matt-biddulph, microformats, openid, plugins, portablesocialnetwork, rails, ruby, social-graph, twitter

WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail etc). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks.

# 27th September 2007, 1:55 pm / browsers, csrf, gmail, security, sitespecificbrowsers, twitter, webrunner, xulrunner

Importing your social network from other sites. Dopplr now does this from GMail, Twitter, vCard or hCard and XFN. I’m convinced that contact import is a killer app for OpenID.

# 26th June 2007, 1:46 am / contactimport, dopplr, gmail, hcard, microformats, openid, twitter, vcard, xfn