Forum latest

  • It's true..
    Durn, this is supposed to be " "The" Topic for emerging 64 bit hardware and softtware...
  • It's true..
    I would be surprised if you were that guilty. Do we-I- judge others? you bet! I lik...
  • It's true..
    I guess it would be better that people who "have a problem" carried signs around thei...
Flawed sign-in services from Google and Facebook imperil user accounts
Written by Danrok   
Monday, 26 March 2012 13:10

From ArsTechnica:

Account login services that implement applications from Google, Facebook, and other commercial providers are prone to flaws that allow adversaries unauthorized access to private user profiles on the third-party Websites that use them, a team of computer scientists has concluded.

Their 10-month study found that many SSO, or single sign-on, services supplied by IdPs or ID Providers including Google, Facebook, and PayPal weren't properly integrated into Websites that used the services. As a result, private data on RP, or relying party, sites belonging to Farmville, Freelancer, Nasdaq, Sears, JainRain, and other sites were all vulnerable to snoops.



Don't Click Here Don't Click Here Either