OAuth 2.0

Pierluigi Paganini November 05, 2016
One oAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed

Security researchers demonstrated that a Wrong oAuth 2.0 implementation allows a remote simple hack that exposes more than 1 Billion Android App Accounts. A remote simple hack devised by a group of security researchers threatens an amazing number of Android and iOS apps. An attacker can use the technique to sign into any victim’s mobile […]

Pierluigi Paganini September 23, 2016
As of October 5, automatic OAuth 2.0 token revocation upon password reset

Google announced a change to its security policy to increase the account security that includes the OAuth 2.0 token revocation upon password reset. Google has finally announced a new OAuth 2.0 token revocation according to its security policy, the company will roll out the change starting on Oct. 5. The change to the Google security policy […]

Pierluigi Paganini January 12, 2016
A research team has found two flaws in the OAuth 2.0 protocol

According to a group of researchers from the University of Trier two critical flaw affects the oAuth 2.0 authentication protocol. The OAuth 2.0 authentication protocol is widely used on social networking sites, every day billion of users access their profiles on Facebook and Google+ using it. According to researchers Daniel Fett, Ralf Küsters and Guido […]

Pierluigi Paganini October 22, 2014
Drigo spyware exploits Google Drive in targeted attacks

Security experts at TrendMicro have discovered a cyber espionage campaign which used a malware dubbed Drigo to syphon data through Google Drive. Security experts at TrendMicro have uncovered a new wave of targeted attacks which were stolen information through Google Drive. The researcher detected a new strain of data stealer malware, dubbed Drigo, that is apparently used in hacking […]

Pierluigi Paganini June 13, 2012
Hacktivist vs Twitter, security of OAuth authorization

There isn’t peace for social network platforms, priority target for cybercrime and governments, they represent a mine of data useful for business and espionage. After the news of the LinkedIN hack, also Twitter have been successfully attacked by a group of hacktivist named LulzSec Reborn that has leaked user credentials of more of 10,000 accounts. […]