Dailydave mailing list archives
Re: OAuth vulnerabilities, and insane partial disclosure people.
From: Nate Lawson <nate () root org>
Date: Thu, 23 Apr 2009 20:37:28 -0700
Matthieu Suiche wrote:
Dave... You are a very bad guy.
http://groups.google.com/group/oauth/browse_thread/thread/20e12ace524dba3?pli=1
"Please do not speculate or publicly discuss the actual details of this or other threats." said Eran
Anyway, details are public now:
http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html#more
http://oauth.net/advisories/2009-1
The overlap between web 2.0 and cryptographers 1.0 is the empty set. See also "rainbow tables fiasco", wherein web 2.0 redesigned password salting, poorly.
--
Nate
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave