http://www.25hoursaday.com/weblog/ Dare Obasanjo Sat, 07 Nov 2009 17:09:59 GMT newtelligence dasBlog 2.1.8102.813 kpako@yahoo.com kpako@yahoo.com suppressed@unknown.org (Simon Jones) 5ecc5753-5269-4df1-9bee-0647cc715453 http://www.25hoursaday.com/weblog/CommentView.aspx?guid=397DAAAA-F589-451A-A3D1-53B10975572A Sat, 07 Nov 2009 17:09:59 GMT Some third party Twitter applications use Twitter for authentication. If an attacker has a victim's Twitter password, then the attacker can login to one of these applications and stay logged in to the application after the victim changes his Twitter password. In this scenario, it is useful to offer the user the option to revoke OAuth access tokens. <br /><br />Posted by: Simon Jones http://www.25hoursaday.com/weblog/CommentView.aspx?guid=397DAAAA-F589-451A-A3D1-53B10975572A