OAuth

An open protocol to allow secure API authorization in a simple and standard method from web, desktop, and mobile applications.

1. Mashery » Blog Archive » OAuth Security and Community Response (and why it’s ok for you to take a deep breath) 4.22.09 / 6pm

   [...] some of you may have seen earlier today, a minor security threat was uncovered in the OAuth protocol.  It’s a [...]

   Log in to Reply
2. Cliqset OAuth temporarily disabled « Cliqset Social Blog 4.23.09 / 4am

   [...] http://blog.oauth.net/2009/04/22/acknowledgement-of-the-oauth-security-issue/ [...]

   Log in to Reply
3. Saurabh Sahni » Twitter trends and Hot tweets for YOU 4.23.09 / 7am

   [...] (22nd April): An OAuth security issue has been discovered and several OAuth services including twitter have disabled it temporarily. You cannot try the hack [...]

   Log in to Reply
4. Understanding the OAuth vulnerability | Software and Opinions 4.23.09 / 11am

   [...] night’s OAuth Security Advisory 2009.1 was a little light on the details. The blog post wasn’t much better. I was peripherally involved in the OAuth spec development and I [...]

   Log in to Reply
5. Top Posts « WordPress.com 4.23.09 / 5pm

   [...] Acknowledgement of the OAuth security issue I wanted to acknowledge that we are aware of a security threat first reported on by CNET that affects the OAuth [...] [...]

   Log in to Reply
6. airkart 4.24.09 / 11am

   Chris,

   Your post here and the followup on the OAuth site is a very good response explaining the session fixation attack. As a silver lining, it is worth pointing out that the fact that this attack was even detected shows OAuth is gaining traction (and the scrutiny that comes along for the ride).

   For a “quick fix” to this issue, a post on http://blog.ics.utsa.edu/ covers how this particular attack can be mitigated.

   Erhan

   Log in to Reply
   1. airkart 4.26.09 / 9pm

      Haha, that should be http://blog.ics.utsa.edu. Silly typos!

      Log in to Reply
7. Twitter Watch Out OAuth Has Security Problem with Exploits 4.24.09 / 2pm

   [...] You can read more about this Security Advisory and Security Issue [...]

   Log in to Reply
8. IT Blog 4.25.09 / 1pm

   OAuth Problem…

   We’d like to publicly show our appreciation for Twitter’s role in helping to minimize premature publicity of this threat, even at its own expense, taking the heat as if it was their own issue in order to allow other companies to address this threat.
   …

   Log in to Reply
9. An update on the OAuth session fixation vulnerability « OAuth 4.25.09 / 6pm

   [...] OAuth An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. « Acknowledgement of the OAuth security issue [...]

   Log in to Reply
10. Web API a bezpečnosť 6.16.09 / 9am

    [...] užívateľa). Dnes už Twitter podporuje aj oveľa lepší OAuth, v ktorom bolo len nedávno objavená bezpečnostná zraniteľnosť, čo viedlo k dočasnému odstaveniu protokolu. Napriek tomu je tento protokol ďaleko [...]

    Log in to Reply
11. a walking city » Blog Archive » Java, OAuth, Signpost 6.27.09 / 10pm

    [...] with a number of services, including Twitter and using the new OAuth 1.0a spec that addresses the vulnerability found in the OAuth spec [...]

    Log in to Reply
12. A Fire Eagle updater for Windows Mobile « dale lane 8.13.09 / 2pm

    [...] the security threat identified in OAuth last April, OAuth providers have got even more cautious, and the updated OAuth protocol is even more [...]

    Log in to Reply
13. Peter Keane's Miscellanea · Layers 1.3.10 / 10pm

    [...] that allows two separate services to interoperate. Maybe not seamlessly and perhaps not without the occassionaly glitch, but ultimately it works and the results can be astonishing (cf. THE [...]

    Log in to Reply

Blog at WordPress.com. | Theme: Hemingway.

Entries RSS Comments RSS