Jonathan Stark’s profile

Latest Comments

1

Hi all -

Great post and great comments. I was glad to see DD's comments because I was thinking precisely the same thing. I recognize that the problem exists, but think it's something that should be addressed by Twitter (or maybe SMS), not every publisher worldwide.

That said, I don't know how Twitter could do anything about it if they want to continue to support updates via SMS. I guess that the idea of "pre-expanding" URLs from known shortening services would be a good start. At least then the middleman is removed as a point of failure, etc...

Best,

j

Posted in Save the Internet with rev="canonical".

Sun, 12 Apr 2009 at 21:04:23 GMT


2

Thanks for clearing that up. #1 in particular makes sense to me. I was thinking of it more from the perspective of a site user rather than a site developer.

Posted in Twitter Don't Click Exploit.

Thu, 19 Feb 2009 at 19:23:17 GMT


3

I am sure everyone is going to goof on me, but I don't see the significance of the distinction being made between clickjacking and CSRF in this exploit. I get that it's not executed in the same manner, but it could have been CSRF just as easily, right? Who cares if I am clicking the actual button or an invisible overlay? Tougher for the target site to defend against, perhaps?

Posted in Twitter Don't Click Exploit.

Tue, 17 Feb 2009 at 03:49:14 GMT


4

Hi guys -

I'm a big shiflett.org fan, but this is my first post. I apologize if it's too spam-y, but I built a Twitter knock-off for the iPhone that is picture-centric, rather than text-centric. A couple of posts above sounded like they might be interested in that sort of thing.

Please stop by and let me know what you think. I myself am addicted to it, particularly when traveling and looking for a dead-simple way to share sights with folks back home. Here's the link:

http://www.apple.com/webapps/social...king/tittr.html

P.S. Please let me know if I have made any security blunders ;)

Posted in I Almost Get Twitter.

Mon, 26 Nov 2007 at 06:09:09 GMT


About

  • Twitter: @jonathanstark
  • Location: Providence, RI
  • Joined: November 2007
  • Comments: 4