Hacker News new | comments | show | ask | jobs | submit login

Was api.linkedin.com compromised/hijacked? If so, that means they'll need to reset a lot of OAuth token/secrets which will be very painful indeed (worse than just a site-wide session reset).



Isn't that the point of OAuth? (versus HTTP basic auth)

Your secret key shouldn't be compromised, because you're supposed to keep that secret. Also if you use HTTPS for requests you'd still get a cert error even if DNS was routing incorrectly. You're probably fine.


Indeed, I misspoke and meant to say tokens/refresh tokens. A similar thing happened for Evernote a while back and knocked down all tokens and required re-authentication across the board.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: