PC World

OAuth 2.0 Security Used by Facebook, Others Called Weak

The emerging OAuth 2.0 Web API authorization protocol, already deployed by Facebook, Salesforce.com and others, is coming under increased criticism for being too easy to use, and therefore to spoof by ...
Threat Post

OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover. Third-party applications that allow single sign-on via Facebook ...
TechCrunch

Google Brings OAuth 2.0 Support To Gmail And Google Talk To Make Third-Party Apps More Secure

Virtually all of Google’s APIs currently support OAuth 2.0, a framework for allowing third-party apps limited access to your data from other services, as their standard authentication mechanism.
Wired

Developer Quits OAuth 2.0 Spec, Calls It 'a Bad Protocol'

After three years as lead author and editor of the OAuth 2.0 specification, Eran Hammer has stepped down from his role, withdrawn his name from the spec and even quit the OAuth working group ...

OAuth Device Code Phishing: Azure vs. Google Compared

Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live Hack to see live Microsoft 365 attack demos, explore defensive tactics, and ...
CNET

OAuth 2.0 leader resigns, says standard is 'bad'

The standard grew too far away from its roots as a simple Web authentication technology, author Eran Hammer-Lahav says, and now is insecure and overly broad. Stephen Shankland worked at CNET from 1998 ...