I have come to love Twitterrific and while realizing some security issues I was having with Google’s Gmail Notifier, I uncovered yet another security concern. It appears that Twitterrific does not connect to the Twitter service via HTTPS, and rather, connects via HTTP and authenticates over plain text! WTF IS THIS!

I looked all through preferences just to make sure I didn’t miss somewhere, but, nope, no option to enable SSL or encrypted logins. I can understand downloading updates after an initial encrypted login is made for overhead on Twitter, but the clear text HTTP post for passwords is crazy! I had to do some digging and here I found how to correct this via the command line in Mac OS X:

defaults write com.iconfactory.Twitterrific protocol -string “https://”

I did one better and found a way to do it, “graphically” for those too afraid to mess with the command line in Mac OS X. It essentially does the same thing as the command line above. Here is how:

• Double click “Macintosh HD” (or whatever your hard drive is called)
• Click your username under “Places” (we are navigating to your user’s home directory)
• Double click “Library” under your home directory
• Double click “Preferences”
• Find the file “com.iconfactory.Twitterrific.plist” in this location and double click it, it should open in a program called “Property List Editor” which is a plist editor for this particular kind of file
• You will see a “Root” under the “Property List”, expand it (click the arrow next to Root) so you see all the “Child” variables to “Root”
• Highlight “Root” then click “New Child” then enter the name “protocol” (without the double quotes)
• Make sure the “Class” section for “protocol” says “String”, if not, use the pull down to change it as such
• Enter in for the value section of “protocol” “https://” (without the double quotes)
• Quit and click “Save” when prompted

When you restart Twitterrific, it will start connecting via HTTPS.

I don’t get why the developers put this in the plist if they didn’t at some point expect to have that functionality used. If that was the case what is with the lack of an option in the configuration area for this tool? At any rate, pissed off as I am that it has been doing this for so long, but now its secure, I guess I am now going to have to audit all my passwords again … sigh.

Oh and a major plug to the makers of Little Snitch, Objective Development! You can pick up this software here. Without that program, I probably would never have suspected such a glaring security issue was occurring. Pretty handy little program.

I hope this isn’t the case with the iPhone version of Twitterrific. I don’t like having to check behind every damn tool or application I use. In this day, it is simply inexcusable to not think about security first in your application development.

**** Update ****

Okay so I guess I am an idiot for not reading the “Read Me” file in the Twitterific download. It states:

protocol -string “http://” Allows Twitterrific to be configured for other protocols, such as “https://”.

Which is basically what I outlined above. I received an update from their support stating that the next version will have this by default for both clients, Mac and iPhone. So hopefully that comes very soon! Good work guys!

more cat pictures

Not since 1863 when Lincoln imposed martial law have we seen such a act passed. I came accross this news article here. There is also a better write-up here.

Apparently in Helena-West Helena, Arkansas a recent gang turf war has enacted drastic measures by the Mayor James Valley. They have enacted a 24-hour non-stop curfew. If you don’t have a valid reason for being outside, you go to jail. That means that the police have no need for probable cause and everyone is subject to search and investigation. The ACLU submitted a statement saying that the mayor has violated first, fourth, and fourteenth amendment.

Here is a news broadcast of the event:

Here is another news broadcast of the event:

OMG Please think of the children!

I love how when the cards are down, people are all but willing to give up their God given rights like the lady in the video approving the loss of her rights:

I commend the Helena-West Helena Police Department!

Now don’t get me wrong, I think its messed up the amount of crime that is going down there. The guy interviewed, Richard Robinson, hit the nail on the head, the way in which the local government there is handling it is completely wrong.

I love it when the mayor gives classic sound bites like:

This turf belongs to the tax payer citizens, not to the drug dealers and the hustlers. And we gonna pop them in the head!

Wow, how eloquent. You cant make this stuff up. The mayor is totally off his rocker, here is another article where:

… the mayor of an Arkansas community decides the way to deal with pet overpopulation is to take the pound dogs out into a national forest and “set them free”. -mylifewiththecritters.blogspot.com

Simply amazing that he is still in office.

People that know me, know that I have this terrible addiction to monkeys. They add a modifier to everything funny. I call it the “monkey modifier affect.” Add it to something, and it makes it 30% funnier.

So Holy crap man, this movie was totally made for me. What is funny about skating? Nothing much, but add the monkey modifier and here ya go. Monkeys really freaking skating on the freaking ice, ZOMFG:

Ice-Skating Monkeys

That is prally the most BAD-ASS movie I have EVER seen!

Badminton cant be all that cool now can it? Honestly I wasn’t even aware that this was an Olympic event. This will make you change your mind about how insane it can be:

Crazy Badminton - More amazing video clips are a click away

I mean holy crap! Is this crazy or what? I am afraid to say this, but I am honestly pumped up about watching it now after having seen this.