2 http://www.nirgoldshlager.com/2013/02/how-i-hacked-facebook-oauth-to-get-full.html
Case in Point: Weak Authentication
Facebook's OAuth implementation was vulnerable to an attack² whereby
an attacker could gain full access to any Facebook user account. The
attack worked by using a covert redirect, stealing the user's token and
then replaying it against Facebook's site. Use of a security protocol is not
the same thing as delivering a more secure system.
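The redirect weakness described above, seen from the authorization server's side, as an added example that is not Facebook's code or part of the original text: a host-only redirect_uri check next to an exact-match check. The client id, URLs and function names are hypothetical and the sample requests are constructed.

```python
from urllib.parse import urlsplit

# Constructed registration data for a hypothetical client (not from the page).
REGISTERED_REDIRECTS = {
    "client-123": {"https://app.example.com/oauth/callback"},
}


def weak_redirect_ok(client_id, redirect_uri):
    """Weak check: only the host has to match a registered redirect URI."""
    host = urlsplit(redirect_uri).hostname
    registered = REGISTERED_REDIRECTS.get(client_id, set())
    return host is not None and any(urlsplit(u).hostname == host for u in registered)


def strict_redirect_ok(client_id, redirect_uri):
    """Strict check: exact string match against the registered set, no fragment."""
    if "#" in redirect_uri:
        return False
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, set())


# Constructed requests: the second names a different path on the trusted host
# (an endpoint that forwards the browser elsewhere); the third is a lookalike host.
SAMPLES = [
    "https://app.example.com/oauth/callback",
    "https://app.example.com/go?next=https://other.example.net/",
    "https://app.example.com.other.example.net/oauth/callback",
]


def compare(client_id="client-123"):
    """Return (uri, weak_result, strict_result) for each sample request."""
    return [(u, weak_redirect_ok(client_id, u), strict_redirect_ok(client_id, u))
            for u in SAMPLES]


if __name__ == "__main__":
    for uri, weak, strict in compare():
        print(f"weak={weak!s:5} strict={strict!s:5} {uri}")
```

Only the exact-match check rejects the second request, which is the case where a token would be delivered to a page other than the registered callback.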