While the merits of several solutions to the OAuth session fixation vulnerability are still being hashed out on the wiki, I wanted to share the latest episode of theSocialWeb.tv, captured yesterday on location at Google’s headquarters in Mountain View, providing some background and technical details about the problem, as told by Eran Hammer-Lahav, who has been coordinating the community’s response.

Marshall Kirkpatrick of ReadWriteWeb also has a great write-up of the timeline of events that lead to the discovery of the issue, shedding more light on how quickly the community mobilized to confront this threat.

There have been no known exploits so far and for the past several days the OAuth community has been coordinating a response with as many known providers as possible to help them understand the threat and deploy whatever mitigating factors they can.

We’d like to publicly show our appreciation for Twitter’s role in helping to minimize premature publicity of this threat, even at its own expense, taking the heat as if it was their own issue in order to allow other companies to address this threat.

We ask that people refrain from speculating about or publicly discussing the actual details of this or other threats before we have released an official statement this evening at midnight, PST on the OAuth website.

If you have any immediate concerns, please contact the vendors or Eran Hammer-Lahav directly at 408 596 1974 or eran@hueniverse.com (he is the community coordinator for this threat).