Monday, July 19, 2010

Authentication crack could affect millions

A friend of mine brought this article to my attention a few days ago…
Researchers Nate Lawson and Taylor Nelson say they've discovered a basic security flaw that affects dozens of open-source software libraries -- including those used by software that implements the OAuth and OpenID standards -- that are used to check passwords and user names when people log into websites. OAuth and OpenID authentication are accepted by popular Web sites such as Twitter and Digg.
The researchers are going to disclose their results at the upcoming Black Hat conference in Las Vegas. Since both OAuth and OpenID are in use by major providers, and potentially by cloud services, it will be interesting to see how much of a stir their work causes.
