Ryan Paul / Ars Technica:
Compromising Twitter's OAuth security system  —  Twitter officially disabled Basic authentication this week, the final step in the company's transition to mandatory OAuth authentication.  Sadly, Twitter's extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong.