OAuth-Protected Access at Facebook and Twitter Breached from Leaky Buffer Service
On October 26, 2013, tens of thousands of Facebook and Twitter users got a nasty shock. Hackers broke into a service called “Buffer”, plundered OAuth access tokens and posted to users' accounts. Luckily, it was all just to promote…
The Soft Underbelly of IT Security
Last Thursday, CEO Sanjay Tandon “declassified” the “#1 cyber security risk to Active Directory.” When Sanjay contacted me, I wondered if he’d found a new code vulnerability in Windows and whether this was going to be a responsible disclosure…