Security News

Keys, tokens and too much trust found in container images (Help Net Security)
2017-06-16 15:00

We are all aware of the risks introduced by good old third party code. Where would we be without it? Apparently not very far. It is estimated that between 30 to 70 percent of code comes from 3rd...

Slack Fixes Cross-Origin Token Theft Bug (Threatpost)
2017-03-01 19:58

The cloud-based collaboration tool Slack was quick to fix a bug earlier this month that could have let an attacker steal a user’s private Slack token.

Singapore security firm hopes mobile software token will plug hardware holes (ZDNet)
2017-02-14 05:52

PayPal Fixes OAuth Token Leaking Vulnerability (Threatpost)
2016-11-28 20:52

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. The vulnerability was publicly disclosed on Monday by Antonio Sanso,...

Tokens of terror spark 'major security update' at GitLab (The Register)
2016-11-04 07:13

Quantum Tokens for Digital Signatures (Schneier on Security)
2016-10-06 12:03

This paper wins "best abstract" award: "Quantum Tokens for Digital Signatures," by Shalev Ben David and Or Sattath: Abstract: The fisherman caught a quantum fish. "Fisherman, please let me go,"...

Google to Revoke OAuth 2.0 Tokens Upon Password Reset (SecurityWeek)
2016-09-22 16:05

Google automates Apps OAuth token revocation (The Register)
2016-09-22 02:35

Hacking mobile login tokens tricky but doable, says reverse-engineer (The Register)
2016-09-02 18:03

Samsung Pay Token Flaw Allows Fraudulent Transactions (SecurityWeek)
2016-08-08 11:34