Comments on: It’s a WRAP

By: OAuth Bearer Tokens are a Terrible Idea « hueniverse

OAuth Bearer Tokens are a Terrible Idea « hueniverse — Wed, 29 Sep 2010 19:09:51 +0000

[...] is not new. Ben Adida described this exact issue when reviewing the original WRAP proposal: But wait, you say, don’t worry, the token is sent over SSL, so it’s all [...]

By: OAuth 2.0 security used by Facebook, others called weak | PCM Tech Center

OAuth 2.0 security used by Facebook, others called weak | PCM Tech Center — Fri, 24 Sep 2010 01:13:50 +0000

[...] might actually be worse than passwords,” security expert Ben Adida noted last December in a blog post. It’s “very hard for users to gauge whether web applications are doing the right thing [...]

By: Twitter: big on social, small on security – RAAK

Twitter: big on social, small on security – RAAK — Thu, 23 Sep 2010 09:09:38 +0000

[...] we start digging into the really scary stuff, let’s look at the issue at hand: how did this worm [...]

By: OAuth and OAuth WRAP: defeating the password anti-pattern « I.T News & Stuff

Fri, 22 Jan 2010 04:32:07 +0000

[...] introduce a token-as-password web security protocol in 2010 is somewhat mind-boggling,” he wrote. “I see reasons to simplify OAuth. Maybe rethink the combination of consumer and access [...]

By: Links » Security Is Hard: Live With It

Links » Security Is Hard: Live With It — Tue, 05 Jan 2010 16:59:29 +0000

[...] a bad idea, it’s difficult to know where to start. So I was pleased to see that Ben Adida saved me the trouble. I understand. Security is hard. Getting those timestamps and nonces right, making sure you’ve [...]

By: Benlog » It’s a WRAP followup: maybe the goal was client-side certs?

Benlog » It’s a WRAP followup: maybe the goal was client-side certs? — Wed, 23 Dec 2009 19:48:26 +0000

[...] Home « It’s a WRAP [...]