Attackers can use the "Covert Redirect" vulnerability in both open-source log-in systems to steal your data and redirect you to unsafe sites.
The standard grew too far away from its roots as a simple Web authentication technology, author Eran Hammer-Lahav says, and now is insecure and overly broad.
Changing course from earlier this year, Google takes a more developer-friendly stance on two of its calendar APIs.
Web 2.0 isn't all rounded corners and social networks. The guts of services like Twitter matter. A lot.
Any programmer now can build software to tap into Windows Live Messenger's network. Perhaps in time IM will become less fragmented and more useful.
Symantec estimates that hundreds of thousands of applications may have inadvertently leaked "spare keys" that provided advertisers and other third parties access to user accounts.
Your identity can be stolen, but it can also, in some cases, be legally taken. So who really owns your online identity? Your social network? Your reputation? We discuss with experts Dick Hardt and Peter Kazanjy.
Facebook's rep at the Future of Web Apps event in Miami this week was David Recordon, the company's open-standards guru. That's a crowd that the social network still has yet to win over.
Google joins the OpenID fray with its own solution, which lets developers integrate a universal log-in for their users to sign on with their Google account.
To build Glitch, the Flickr co-founder put together an impressive team of some of his earliest collaborators on the popular photo-sharing site.