Narrow your search
Attackers can use the "Covert Redirect" vulnerability in both open-source log-in systems to steal your data and redirect you to unsafe sites.
The microblogging site says no accounts have been compromised after a hacker claims to have acquired user details by allegedly breaking into its databases.
The standard grew too far away from its roots as a simple Web authentication technology, author Eran Hammer-Lahav says, and now is insecure and overly broad.
Webware 100 Editors' Choice: OAuth
Use of the open-source protocol has been put on hold by some major Web services until a security issue has been resolved, developers tell CNET News.
Twitter's OAuth interface is now open to all developers, enabling more secure access to the service via its application programming interface from third-party Web sites.
The search giant's Google Gadgets platform is adopting the open authentication standard for controlling privacy. Move follows June move to use OAuth for the Google Data API.
Messages sent by hundreds of accounts testify to dramatic weight loss and link to same suspicious site pedaling diet pills.
The link-shortening service issues an “urgent security update” saying that it has disconnected users’ Facebook and Twitter accounts because of a probable breach.
Google's social network-powered sign-in system gives developers more nuanced options when asking for user permissions.