Comments on: You Don’t Know What My Twitter Leaks

By: JSONP (yIII): Cuestiones de seguridad y ASP.NET rompiendo la compatibilidad en 3.5 - Blog de José Manuel Alarcón Aguín en Geeks.ms (alternativo a www.JASoft.org) - Geeks•ms

Mon, 12 Oct 2009 13:49:53 +0000

[…] utilizar (muchas de las cuales ni siquiera son conocidas hoy, pero pueden surgir). Por ejemplo, Twitter fue crackeado no hace mucho usando técnicas avanzadas de JavaScript y el acceso a los datos JSON remotos […]

By: JSON Hijacking | Test Blog

JSON Hijacking | Test Blog — Fri, 26 Jun 2009 04:02:38 +0000

[…] However, there’s another related exploit that seems to affect many more browsers. It was brought to my attention recently by someone at Microsoft and Scott Hanselman and I demonstrated it at the Norwegian Developers Conference last week, though it has been demonstrated against Twitter in the past. […]

By: Firefox Add-On NoScript Updated to Version 1.9.0.6 | Infosecurity.US

Firefox Add-On NoScript Updated to Version 1.9.0.6 | Infosecurity.US — Mon, 23 Feb 2009 19:05:57 +0000

[…] New exclusive protection against JSON and E4X hijacking. […]

By: wawadave

wawadave — Mon, 26 Jan 2009 15:13:44 +0000

though you say writing a filter is easy i do not know how as i,m sure many do not.
Plus there is allso the need to know what sites would have to be added again i do not know. So others will not ether.

By: Woot! What’s Buzzing Now? » Blog Archive » This is What I’M Looking At Today. « Shades’ Trades & More

Sat, 24 Jan 2009 11:20:37 +0000

[…] hackademix.net » You Don’t Know What My Twitter Leaks […]

By: links for 2009-01-13 | Yostivanich.com

links for 2009-01-13 | Yostivanich.com — Tue, 13 Jan 2009 15:06:34 +0000

[…] hackademix.net » You Don’t Know What My Twitter Leaks Another Twitter security hole. (tags: twitter security programming webdevelopment) […]

By: Gareth Heyes

Gareth Heyes — Tue, 13 Jan 2009 15:06:00 +0000

@Giorgio

maone-20rc1 takes priority :)
Congrats btw!

By: Giorgio

Giorgio — Tue, 13 Jan 2009 12:21:44 +0000

@Gareth:
ABE should be ready for general consumption by June (there’s even a formal project plan), but I should have something testable by the end of February, unless a more important release interferes too much.

By: Gareth Heyes

Gareth Heyes — Tue, 13 Jan 2009 11:09:08 +0000

@Giorgio

Cool I like this feature:-
Site www.somesite.com/logout
Accept GET, POST from SELF
Deny

When is it ready? Also is there gonna be a UI for the rules creation?

By: Giorgio

Giorgio — Tue, 13 Jan 2009 10:39:12 +0000

@Gareth:
As I told you, the ultimate client-side protection against CSRF will be ABE.