Narrow your search
Attackers can use the "Covert Redirect" vulnerability in both open-source log-in systems to steal your data and redirect you to unsafe sites.
The microblogging site says no accounts have been compromised after a hacker claims to have acquired user details by allegedly breaking into its databases.
The standard grew too far away from its roots as a simple Web authentication technology, author Eran Hammer-Lahav says, and now is insecure and overly broad.
Webware 100 Editors' Choice: OAuth
Use of the open-source protocol has been put on hold by some major Web services until a security issue has been resolved, developers tell CNET News.
Twitter's OAuth interface is now open to all developers, enabling more secure access to the service via its application programming interface from third-party Web sites.
The search giant's Google Gadgets platform is adopting the open authentication standard for controlling privacy. Move follows June move to use OAuth for the Google Data API.
Microsoft adds IMAP and OAuth support to its Outlook.com email service, providing what it says is a "richer email experience across devices and apps."
App's OAuth token is pulled a day after nearly 2,000 people used it to send a wave of simultaneous tweets to a pair of U.S. senators.
Programmers now can use the OAuth standard to tap into information through Google's data-sharing interface. Also, Google Data comes to Google Finance.