oauth

Google OAuth bug left accounts open to permanent compromise

Google OAuth bug left accounts open to permanent compromise

‘GhostToken’ exposed users to data theft and more.
Richard Chirgwin Apr 24 2023 12:02PM Security
ID service Dex patches token-stealing bug

ID service Dex patches token-stealing bug

Attackers could access downstream apps.
Richard Chirgwin Oct 7 2022 12:51PM Security
Heroku hackers got account passwords via OAuth token theft

Heroku hackers got account passwords via OAuth token theft

Hashed and salted user passwords exfiltrated.
Juha Saarinen May 6 2022 12:50PM Security
Heroku forces user password resets

Heroku forces user password resets

API access tokens invalidated.
Juha Saarinen May 5 2022 6:55AM Security
Microsoft warns of large 'Upgrade' phishing campaign

Microsoft warns of large 'Upgrade' phishing campaign

Machine learning picks up on suspicious OAuth use by app.
Juha Saarinen Jan 22 2022 8:37AM Security
PayPal fixes app authentication token hijack flaw

PayPal fixes app authentication token hijack flaw

Online payments processor didn't implement OAuth right.
Juha Saarinen Nov 29 2016 2:30PM Security
'Covert Redirect' vulnerability affects OAuth 2.0, OpenID

'Covert Redirect' vulnerability affects OAuth 2.0, OpenID

Hot on heels of Heartbleed.
Adam Greenberg May 5 2014 6:34AM Security
7000 Hootsuite users compromised via OAuth

7000 Hootsuite users compromised via OAuth

Spam diet bad for health.
Danielle Walker Sep 11 2013 10:00AM Security
LinkedIn fixes OAuth flaw

LinkedIn fixes OAuth flaw

Researcher sends heads up.
Darren Pauli Jul 23 2013 3:11PM Security
AusCERT2012: Locking down Mozilla's Web Apps

AusCERT2012: Locking down Mozilla's Web Apps

Top tips to boost web site security.
Darren Pauli May 18 2012 12:22PM Security
Code surety: Secure by design

Code surety: Secure by design

Total security of applications is probably a pipe dream. However, starting a secure design framework today will markedly improve applications in the future, reports Deb Radcliff.
Deb Radcliff Mar 7 2012 5:34AM Security
Twitter to switch from basic access authentication to OAuth on its API

Twitter to switch from basic access authentication to OAuth on its API

Gone by August 31.
SC Australia Staff Aug 24 2010 2:07PM Security

Log In

  |  Forgot your password?