On the XARA vulnerability on MacOS X and iOS
Just came across this article: Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X, by The Register. Since the news itself did not explain…
New vulnerability on OpenSSL found
A new bug in OpenSSL was found by Masashi Kikuchi of Lepidum. It affects all versions of OpenSSL earlier than 1.0.1. For details, please refer…
Covert Redirect is not new but.. A risk analysis and recommendations
So, there has been a flurry of worries induced by the CNET and other articles about “Covert Redirect”. Like Leandro Boffi wrote in his blog…
Registered Token Profile for OAuth 2.0
So, the ID Token in OpenID Connect is audience restricted to the client while the OAuth bearer access token is audience restricted to the protected resource.…
Analyzing Yahoo! Voices Password Leakage
Lots of articles appeared on the Yahoo! Voices’ password leakage on the 11th. Many people seem to be assuming that Yahoo!’s password has been leaked,…
Comments on Wang-Chen-Wang paper on OpenID Implementation Vulnerability
In the paper titled “Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services”, Rui Wang,…
BrowserID protects the privacy of your Web activity? Really?
So, BrowserID is buzzing. In general, a browser helping users to secure their login is a good thing. But, I have a bunch of problems with the…