The recently disclosed security flaws in some implementations of the widely used OAuth and OpenID website authentication mechanisms are serious. But they're not nearly as bad as the recently discovered Heartbleed vulnerability in OpenSSL, and they pose much less of an immediate and direct threat to people's personal information.
That's the message from numerous security researchers who have been investigating the details of security flaws in OAuth 2.0 and OpenID. Mathematics Ph.D. student Wang Jing issued a covert redirect vulnerability warning earlier this month.
"The vulnerability could lead to open redirect attacks to both clients and providers of OAuth 2.0 or OpenID," Wang said. "Almost all major OAuth...(continued)