[Noisebridge-discuss] DEFCON tweeting

aestetix aestetix aestetix at gmail.com
Tue Aug 4 22:12:39 UTC 2009 

Yep. I ran into this while writing Twitter Friendcast.

Up until a few months ago, Twitter's API was entirely HTTP Basic. Which is
very literally "login:password" base64 encoded. One of the reasons I moved
Friendcast to a webserver (rather than a full on firefox plugin) was to try
and get around this issue... better to have solid encryption between client
and my server, rather than my tool sending insecure data.

They've now adopted OAUTH in their API, but I'm not sure how many clients
readily use it. It is kind of a bitch to get working (as opposed to Basic),
and a pain to rewrite an existing system to it.

In general, the DefCon network should be considered rogue and hazardous,
especially people running lots of services and using poorly written
applications. In general, the rule of thumb is to bring a computer you don't
care about, and either wipe it or do a forensics study on it when you get
back. This also goes for systems which are fully up to date and patched,
because not everyone agrees with full disclosure :)

On Tue, Aug 4, 2009 at 3:04 PM, Al Billings <albill at openbuddha.com> wrote:

> It was like this last year too. Anyone using twitter on open wifi is
> an idiot.
>
> This is leaving aside whether anyone using the wifi was an idiot as
> well.
>
> On Aug 4, 2009, at 1:15 PM, Rodney Thayer wrote:
>
> > Al Billings wrote:
> >> Ceren and I were talking about using the hashtag #nbdc for DEFCON
> >> tweets for people attending this week. She's putting it on the wiki
> >> page but I thought that I'd mention it here since some people have
> >> already left and may not be looking at the page.
> >
> > How's Twitter's rep after Defcon?  Walking by the Wall of Sheep and
> > seeing it drowning in Twitter passwords was just twitchy, dude...
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20090804/2059f98e/attachment-0003.html>

More information about the Noisebridge-discuss mailing list