

  • Popular login services have a security hole, but Facebook and Microsoft can't fix it

    Sharif Sakr

    The recent Heartbleed scare caused a huge stir, even though it was effectively fixed before it even happened. There are other sorts of security holes, however, which can't be plugged so readily, and which affected companies therefore have less incentive to publicize. A researcher in Singapore, Wang Jing, claims to have uncovered a potentially serious example of this involving the widely used login services OAuth and OpenID. He says that he's tried to alert major web services that rely on these platforms, including Facebook, Microsoft and Google, but they're refusing to take responsibility for the issue.