From ArsTechnica:

Account login services that implement applications from Google, Facebook, and other commercial providers are prone to flaws that allow adversaries unauthorized access to private user profiles on the third-party Websites that use them, a team of computer scientists has concluded.

Their 10-month study found that many SSO, or single sign-on, services supplied by IdPs or ID Providers including Google, Facebook, and PayPal weren't properly integrated into Websites that used the services. As a result, private data on RP, or relying party, sites belonging to Farmville, Freelancer, Nasdaq, Sears, JainRain, and other sites were all vulnerable to snoops.

[More...]

[Comments...]