InfoSec Links May 13, 2014

Serious security flaw in OAuth OpenID discovered - Aloysius Low and Seth Rosenblatt - Cnet

The way you login to certain sites (Facebook, Google, Yahoo, LinkedIn) could be vulnerable to having your credentials stolen. The vulnerability revolves around clicking on the wrong link and a pop-up box asking you to reauthenticate. The issue with this, is that the pop-up appears to come from the site you're on. Unfortunately, this is not an easy fix and even if the organizations take that route it would impact the user experience, which could mean a loss of business.

Security is Fundamentally A Battle of Mistakes - Jerry Gamblin -

An interesting though exercise involving security and poker and how you protect your network. Essentially, are you focusing on the areas you can be the most effective on or are you focusing on the areas you think you need to focus on.

URL Shortener Says Account Credentials Possibly Compromised - Mike Lennon - Security Week

If  you have an account with you may find that you need to change some things when you login in next time. My favorite part of this story is taking the initiative in this:

The company has invalidated all credentials within Facebook and Twitter, forcing users to reconnect their Facebook and Twitter profiles in order to publish to their accounts.