Comments on: Acknowledgement of the OAuth security issue

By: Peter Keane's Miscellanea · Layers

Peter Keane's Miscellanea · Layers — Mon, 04 Jan 2010 06:09:31 +0000

[...] that allows two separate services to interoperate. Maybe not seamlessly and perhaps not without the occassionaly glitch, but ultimately it works and the results can be astonishing (cf. THE [...]

By: A Fire Eagle updater for Windows Mobile « dale lane

A Fire Eagle updater for Windows Mobile « dale lane — Thu, 13 Aug 2009 21:53:24 +0000

[...] the security threat identified in OAuth last April, OAuth providers have got even more cautious, and the updated OAuth protocol is even more [...]

By: a walking city » Blog Archive » Java, OAuth, Signpost

a walking city » Blog Archive » Java, OAuth, Signpost — Sun, 28 Jun 2009 05:48:05 +0000

[...] with a number of services, including Twitter and using the new OAuth 1.0a spec that addresses the vulnerability found in the OAuth spec [...]

By: Web API a bezpečnosť

Web API a bezpečnosť — Tue, 16 Jun 2009 16:37:35 +0000

[...] užívateľa). Dnes už Twitter podporuje aj oveľa lepší OAuth, v ktorom bolo len nedávno objavená bezpečnostná zraniteľnosť, čo viedlo k dočasnému odstaveniu protokolu. Napriek tomu je tento protokol ďaleko [...]

By: airkart

airkart — Mon, 27 Apr 2009 04:25:05 +0000

Haha, that should be http://blog.ics.utsa.edu. Silly typos!

By: An update on the OAuth session fixation vulnerability « OAuth

An update on the OAuth session fixation vulnerability « OAuth — Sun, 26 Apr 2009 01:50:48 +0000

[...] OAuth An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. « Acknowledgement of the OAuth security issue [...]

By: IT Blog

IT Blog — Sat, 25 Apr 2009 20:32:23 +0000

OAuth Problem…

We’d like to publicly show our appreciation for Twitter’s role in helping to minimize premature publicity of this threat, even at its own expense, taking the heat as if it was their own issue in order to allow other companies to address this threat.
…

By: Twitter Watch Out OAuth Has Security Problem with Exploits

Twitter Watch Out OAuth Has Security Problem with Exploits — Fri, 24 Apr 2009 21:49:22 +0000

[...] You can read more about this Security Advisory and Security Issue [...]

By: airkart

airkart — Fri, 24 Apr 2009 18:42:27 +0000

Chris,

Your post here and the followup on the OAuth site is a very good response explaining the session fixation attack. As a silver lining, it is worth pointing out that the fact that this attack was even detected shows OAuth is gaining traction (and the scrutiny that comes along for the ride).

For a “quick fix” to this issue, a post on http://blog.ics.utsa.edu/ covers how this particular attack can be mitigated.

Erhan

By: Top Posts « WordPress.com

Top Posts « WordPress.com — Fri, 24 Apr 2009 00:54:02 +0000

[...] Acknowledgement of the OAuth security issue I wanted to acknowledge that we are aware of a security threat first reported on by CNET that affects the OAuth [...] [...]