[Openid-specs-ab] 1000 WAYS TO DIE IN MOBILE OAUTH

Nat Sakimura n-sakimura at nri.co.jp
Wed Aug 10 05:00:51 UTC 2016


Just found a briefing in Blackhat 2016 titled
<https://www.blackhat.com/us-16/briefings.html#1000-ways-to-die-in-mobile-oauth> "1000 WAYS TO DIE IN MOBILE OAUTH"

Says:

> "(1) all major identity providers, e.g., Facebook, Google and Microsoft, have re-purposed OAuth for user authentication;"

> [..snip..]

> "The result is really worrisome: among the 149 applications that use OAuth, 89 of them (59.7%) were incorrectly implemented and thus vulnerable."

Maybe we should dig in.

 
