A serious vulnerability in both the OAuth and OpenID protocols could lead to complications for those who use the services to login to websites like Facebook, Google, LinkedIn, Yahoo, Microsoft, PayPal among many others.
Browsing Tag: Privacy
Yahoo, one of the first large Web companies to recognize the Do Not Track header from browsers on its properties, has now backtracked and said it will no longer support DNT.
Apple patched a potentially serious hole in its Developer Center that could have given anyone unfettered access to personal contact information for Apple employees and partners.
Facebook announced new authentication changes yesterday, including Anonymous Login which gives users the option of using an application without sharing personal data stored with Facebook.
The White House wants you to know that it did not know about the OpenSSL Heartbleed vulnerability before you did. The White House also wants you to know that administration officials don’t think stockpiling zero days isn’t necessarily good for national security. That’s all well and good, except that it mostly doesn’t matter.
NIST announced it has removed the Dual EC DRBG random number generator from a draft guidance on RNGs; the move could become official next month after a public comment period expires.
Researchers published a video this week demonstrating that Samsung’s latest entry in the smartphone arena, the Galaxy S5, is vulnerable to a hack that as crude as may seem involves lifting and copying fingerprints to trick the phone’s sensor.
The Heartbleed story advanced over the weekend with word of researchers exploiting the OpenSSL flaw to steal private SSL keys, and the loss of data on websites in the U.K. and Canada.
Facebook’s acquisition of WhatsApp was approved by the Federal Trade Commission late last week, but not without a stern privacy-related warning from the agency.
Bruce Schneier said during his Source Boston keynote that history will not look kindly on society’s tradeoff of privacy for convenience in the age of surveillance.