14 APR 2012

1 and 1 iOS Apps sloppy coding allows domain theft and email hijacking

In many ways this is much worse than the LinkedIn and Facebook Plist vulnerability exposed last week. Both social apps exposed plain text OAuth Tokens which enable a large amount of personal information to be snaffled from accounts, and in the case of Facebook, access any website...
13 APR 2012

Using iOS Keychain for Data Protection and Migration

Given the number of requests I’m currently receiving re using the keychain following my post regarding the use of plain text credentials in plists, I’ve decided to reprint an excellent series of articles from Use Your Loaf which helped me get to grips with Keychain...
07 APR 2012

LinkedIn also Vulnerable to Plist Theft

[UPDATED] LinkedIn update on 26-4-2012 appears to resolve this vulnerability, though no statement or reference to the vulnerability has been made by LinkedIn. Still, they have fixed it, which is a heck of a lot more than Facebook has done! Further testing on popular social apps...