I think when powping launched someone did hack it and posted from another users account using the exact technique you described. I think the same authentication string was being signed by all users so was easy to do. I think now the auth challenge does include a timestamp and/or some other random data. I dont know the details though.
I think when powping launched someone did hack it and posted from another users account using the exact technique you described. I think the same authentication string was being signed by all users so was easy to do. I think now the auth challenge does include a timestamp and/or some other random data. I dont know the details though.