By John Gruber
WorkOS simplifies MCP authorization with a single API built on five OAuth standards.
Yesterday I saw this report from Christopher Soghoian, alleging that for a period of time yesterday, anyone was able to log into any Dropbox account using any password. It struck me as too astounding to be true.
Alas, it was true, and the hole was open for over four hours. Everything appears to be working properly now, but I suggest all Dropbox users check their account events log.
★ Tuesday, 21 June 2011