

Flickr's API vulnerable to straightforward message digest attack - tptacek
http://netifera.com/research/flickr_api_signature_forgery.pdf

======
there
<http://news.ycombinator.com/item?id=401926> on
<http://news.ycombinator.com/item?id=401876>

Colin, did Flickr ever reply to you about that?

~~~
tptacek
The major problem with Flickr's scheme is both academically trivial and
something that Colin didn't (in any public forum) notice. Which says nothing
about Colin, who is very smart, and everything about how ridiculous it is to
try to build secure systems that depend on basic crypto primitives.

