Wednesday, January 09, 2013

OAuth & OpenID

OAuth - Wikipedia, the free encyclopedia:
"OAuth is an open standard for authorization. OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.

OAuth is a service that is complementary to, and therefore distinct from, OpenID."

OpenID is an open standard that describes how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities.[1] Users may create accounts with their preferred OpenID identity providers, and then use those accounts as the basis for signing on to any website which accepts OpenID authentication.

OpenID vs OAuth

Integrate OpenAuth/OpenID with your existing ASP.NET application using Universal Providers

30 years of internet

1983-01-01: Arpanet => TCP/IP

30 years ago, at flip of a switch, the internet as we know it WAS BORN • The Register

Marking the birth of the modern-day Internet @ Google blog

Jeff Bezos on Leading for the Long-Term at Amazon

podcast interview: Jeff Bezos on Leading for the Long-Term at Amazon - HBR IdeaCast - Harvard Business Review

Complex network security

This Week in Cybercrime: Danger May Not Come from What You Do As Much as Where You Go - IEEE Spectrum

Instead of attacking the desired victims directly, the hacker profiles the individuals or companies, finding out what websites they frequent. The attacker scans those sites for vulnerabilities. Having found one or more whose defenses can be penetrated, the attacker injects code at those sites that causes the victim’s computer to automatically redirect to a separate site. The site to which the victim is diverted hosts a zero-day exploit that is lying in wait—like a lion at a watering hole—to give the attacker access to the victim’s computer so he or she can install more malware, steal data, or monitor the victim’s activities.