Attackers can use the "Covert Redirect" vulnerability in both open-source log-in systems to steal your data and redirect you to unsafe sites.
Webware 100 winner: OpenID
The universal log-in standard hadn't come to Facebook sooner because of security and user experience concerns, a post on the social network's blog explained.
Larry Magid talks with Max Engel of the social network about the company's efforts to promote log-in identification cooperation among various sites.
We may not see OpenID coming to Facebook Connect anytime soon, but this is a big step for the social network that many open-standards advocates once wrote off for its walled-garden nature.
PayPal has joined the OpenID Foundation Board, HealthCentral has acquired Wellsphere, and CoveritLive has received $1.2 million in funding.
The new browser extension helps identify OpenID participants and manage them across the Web. Good timing, considering Facebook Connect is about to make its big debut.
Google joins the OpenID fray with its own solution, which lets developers integrate a universal log-in for their users to sign on with their Google account.
Social network, which is also unveiling its Data Availability program in a phased launch, wants to be the hub of identity.
Open-source project hosting site SourceForge.net is embracing OpenID--an open-source single sign-on technology that allows an individual to jump between online accounts without re-entering a username and password each time.