Good news, OAuth is almost secure

German boffins believe there are protocol flaws in Facebook's ubiquitous OAuth protocol that render it vulnerable to attack. The trio, Daniel Fett, Ralf Küsters and Guido Schmitz of the University of Trier, conducted what's known in security circles as a “formal security analysis” on the protocol, and published it at Arxiv …

  1. Trixr
    Headmaster

    It's not Facebook's

    Facebook merely use OAuth, like many other sites and services. They certainly don't own it, and they weren't involved in developing it.

    If you said "used by Facebook and Twitter, among others", then maybe you would not be implying it's their standard.

    1. Michael Wojcik Silver badge

      Re: It's not Facebook's

      Came here to say much the same thing. In fact the initial work on OAuth was done at Twitter, by Cook. Then there was a discussion group, followed by an IETF BOF and eventually the RFC.

  2. Chewi

    I don't know a lot about OAuth but this really does sound like good news given how much criticism we've heard about 2.0 in the past. Maybe that's what El Reg were getting at in the headline but it might not be clear to everyone.

  3. Anonymous Coward

    There's also the little fact that if you "Log in with Facebook", then you're giving Facebook employees and whoever can coerce them access to whatever you logged in to. That's not a Facebook specific thing of course.


Biting the hand that feeds IT © 1998–2021