[Openid-specs-ab] 1000 WAYS TO DIE IN MOBILE OAUTH
Nat Sakimura
n-sakimura at nri.co.jp
Wed Aug 10 05:00:51 UTC 2016
Just found a briefing in Blackhat 2016 titled
<https://www.blackhat.com/us-16/briefings.html#1000-ways-to-die-in-mobile-oauth>
"1000 WAYS TO DIE IN MOBILE OAUTH"
Says:
> "(1) all major identity providers, e.g., Facebook, Google and Microsoft,
> have re-purposed OAuth for user authentication;"
> [..snip..]
> "The result is really worrisome: among the 149 applications that use
> OAuth, 89 of them (59.7%) were incorrectly implemented and thus vulnerable."
Maybe we should dig in.