May Newsletter
Welcome to the May 2011 edition of the 18INT newsletter! Facebook and SSL Facebook has been battling some bad press in the past month. They were caught hiring a PR agency to smear Google over privacy issues, perhaps to distract everyone from their ongoing security issues. Facebook app developers are a wild herd of cats, and facebook is finding they don't all follow along. The protocol used by Facebook and applications can make it easy to "leak" a session identifier, which is an opportunity for bad guy to take over your account. Part of Facebook's solution is to push all the apps into SSL. Another is to push all the apps into using OAuth 2.0 for authentication. Translated, this means if you're running an app on Facebook, you'll be upgrading your code…