Threat Post

OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover. Third-party applications that allow single sign-on via Facebook ...

OAuth Device Code Phishing: Azure vs. Google Compared

Azure can yield very powerful tokens while Google limits scopes, reducing the blast radius. Register for Huntress Labs' Live Hack to see live Microsoft 365 attack demos, explore defensive tactics, and ...
CNET

OAuth 2.0 leader resigns, says standard is 'bad'

The standard grew too far away from its roots as a simple Web authentication technology, author Eran Hammer-Lahav says, and now is insecure and overly broad. Stephen Shankland worked at CNET from 1998 ...