Security and the Net

News and opinions about security, the internet and more

Entries Tagged ‘oauth’

OAuth session fixation attack

Last week, Twitter temporarily stopped using OAuth authentication. The information they posted on their blog was pretty light on details, and the same thing goes for the security advisory that was posted later. Since then, more details and some better explanations of attack scenario’s have surfaced; let’s have a closer look at the security issue […]

Leave a Comment

Twitter gets ready for OAuth authentication

According to this FAQ, Twitter is getting ready to support OAuth sometime next month. This is great news; up until now, every service using Twitter’s API needed your login name and password. That meant problems when changing passwords, and extra ways for your password to be exposed to hackers.  With the new OAuth authentication, external […]

Leave a Comment