Researchers: Password Crack Could Affect Millions

Friday Jul 16th 2010 by Staff

Duo says that many Web apps that use the OAuth and OpenID standards, including Twitter and Digg, are vulnerable to timing attacks.

NetworkWorld: Security researchers Nate Lawson and Taylor Nelson say that many Web apps that rely on the OAuth and OpenID standards are susceptible to timing attacks. Security experts have known about the potential risk of timing attacks for decades, but because the attacks require measurements accurate to the nanosecond, most believed they were unworkable in the real world. The two plan to explain their methodology more fully at the upcoming Black Hat conference.

The researchers said that Web sites could eliminate the vulnerability with about six lines of code.

