Attackers can use the "Covert Redirect" vulnerability in both open-source log-in systems to steal your data and redirect you to unsafe sites.
Webware 100 winner: OpenID
The universal log-in standard hadn't come to Facebook sooner because of security and user experience concerns, a post on the social network's blog explained.
Larry Magid talks with Max Engel of the social network about the company's efforts to promote log-in identification cooperation among various sites.
We may not see OpenID coming to Facebook Connect anytime soon, but this is a big step for the social network that many open-standards advocates once wrote off for its walled-garden nature.
PayPal has joined the OpenID Foundation Board, HealthCentral has acquired Wellsphere, and CoveritLive has received $1.2 million in funding.
You own your identity. That's why we talk about identity theft: Identity is clearly personal, and it can be stolen from us. But it can also, in some cases, be legally taken. So who really owns your online identity? Your social network? Your reputation? We discuss with two experts: Dick Hardt, who worked on OpenID, and Peter Kazanjy of the reputation service Honestly.com.
The new browser extension helps identify OpenID participants and manage them across the Web. Good timing, considering Facebook Connect is about to make its big debut.
Google joins the OpenID fray with its own solution, which lets developers integrate a universal log-in for their users to sign on with their Google account.
Social network, which is also unveiling its Data Availability program in a phased launch, wants to be the hub of identity.