Ars Technica

Web to get more social as OAuth is sanctioned for use

As if social media wasn't already, well, social enough, a relatively new open protocol for securely sharing information between web sites, called OAuth, has received a major boost for broad adoption.
CSOonline

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Booking.com, one of the world’s largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to ...
Threat Post

Password Protocol OAuth Gets New Variant

The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It’s a stop-gap solution that will enable broader OAuth adoption while ...
The Next Web

Twitter developers be aware of OAuth API changes!

We recently asked all Twitter third party app developers to get rid of asking for user credentials and kindly switch to delegated authentication based on the open OAuth protocol. Today we want to ...
PC World

Russian hackers use OAuth, fake Google apps to phish users

The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens ...
Wired

Developer Quits OAuth 2.0 Spec, Calls It 'a Bad Protocol'

After three years as lead author and editor of the OAuth 2.0 specification, Eran Hammer has stepped down from his role, withdrawn his name from the spec and even quit the OAuth working group ...
Infosecurity-magazine.com

API Security Flaw Impacted Grammarly, Vidio and Bukalapak

Salt Security has revealed research unveiling critical API security vulnerabilities in the OAuth protocol implementations of popular online platforms like Grammarly, Vidio and Bukalapak. These ...