List: dailydave
Subject: Re: [Dailydave] OAuth vulnerabilities,
From: Nate Lawson <nate () root ! org>
Date: 2009-04-24 3:37:28
Message-ID: 49F133F8.5070207 () root ! org
Matthieu Suiche wrote:
> Dave... You are a very bad guy.
>
> http://groups.google.com/group/oauth/browse_thread/thread/20e12ace524dba3?pli=1
>
> "Please do not speculate or publicly discuss the actual details of this or
> other threats." said Eran
>
> Anyway, details are public now:
> http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html#more
> http://oauth.net/advisories/2009-1

The overlap between web 2.0 and cryptographers 1.0 is the empty set. See
also "rainbow tables fiasco", wherein web 2.0 redesigned password
salting, poorly.
--
Nate
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave