One new article link has been added to our Related News page. Ars Technica published an article titled "Flawed sign-in services from Google and Facebook imperil user accounts."
Account login services that implement applications from Google, Facebook, and other commercial providers are prone to flaws that allow adversaries unauthorized access to private user profiles on the third-party Websites that use them, a team of computer scientists has concluded.
Their 10-month study found that many SSO, or single sign-on, services supplied by IdPs or ID Providers including Google, Facebook, and PayPal weren’t properly integrated into Websites that used the services. As a result, private data on RP, or relying party, sites belonging to Farmville, Freelancer, Nasdaq, Sears, JanRain, and other sites were all vulnerable to snoops.
Source: Ars Technica