Tag Archive for 'Security'

Bizroof Now Supports OAuth 1.0a

We recently received an email from Yahoo explaining the importance of updating to OAuth 1.0a for their Fire Eagle location sharing platform, and we can now confirm that Bizroof supports the OAuth 1.0a protocol, which fixes the identified security threat. Here is the email from the Yahoo Fire Eagle team:

This important service announcement is being sent out to all
developers who have Fire Eagle application keys.

Due to a potential security vulnerability, revisions have been
made to the OAuth protocol. This is the protocol that allows
different services to connect to one another without sharing
passwords -- and is a core part of Fire Eagle.

To address these concerns, we've implemented support for
OAuth 1.0a and will be phasing out support for OAuth 1.0 over
the next couple of months.

** If your application does not yet support OAuth 1.0a, you will
need to update it over the next few weeks. Otherwise users will
be unable to authorize your application. **

Existing authorizations (i.e. you already have access tokens)
will continue to work.

In the meantime, any users attempting to authorize applications
that don't yet support 1.0a will be presented with a screen that
warns them about the OAuth vulnerability and discourages them
from continuing.

Developers are already at work rewriting aspects of the OAuth and
Fire Eagle libraries. You can find out more about this and the
changes to OAuth below:

* http://oauth.net/advisories/2009-1
* http://fireeagle.yahoo.net/developer/documentation/using_oauth
* http://mojodna.net/2009/05/20/an-idiots-guide-to-oauth-10a.html

If you have any questions or need help, please don't hesitate to
ask via the Fire Eagle Mailing List. You can also keep up to date
with the latest Fire Eagle happenings on our Twitter feed:

* MAILING LIST: http://tech.groups.yahoo.com/group/fireeagle/
* TWITTER FEED: http://twitter.com/fireeagle/

Yours,

The Fire Eagle team

You can safely connect your Bizroof account with Yahoo’s Fire Eagle without sharing passwords. To do that, log in to Bizroof, click your name in the top right corner of your dashboard, and then click the Upload Location link on the following page, and… you will see the following page to confirm the connection -