HackerTrans
TopNewTrendsCommentsPastAskShowJobs

aviCC

no profile record

Submissions

[untitled]

1 points·by aviCC·hace 2 años·0 comments

[untitled]

1 points·by aviCC·hace 2 años·0 comments

[untitled]

1 points·by aviCC·hace 3 años·0 comments

Ask HN: Print “Hello World” in Python/C/Bash without use W&numbers in your code

1 points·by aviCC·hace 3 años·1 comments

OAuth Flaw Exposed Social Media Logins to Account Takeover

bankinfosecurity.com
3 points·by aviCC·hace 3 años·0 comments

[untitled]

1 points·by aviCC·hace 3 años·0 comments

A New OAuth Vulnerability in a Framework Used in Hundreds of Websites

salt.security
9 points·by aviCC·hace 3 años·1 comments

Booking.com account takeover shows possible pitfalls in OAuth implementations

csoonline.com
11 points·by aviCC·hace 3 años·1 comments

Researchers took over Booking.com accounts using a legitimate Facebook link

4 points·by aviCC·hace 3 años·1 comments

[untitled]

1 points·by aviCC·hace 3 años·0 comments

comments

aviCC
·hace 2 años·discuss
Wow if that's true and affects more websites, then it's super cool and huge
aviCC
·hace 2 años·discuss
And a link, if you want to read the official blog post: https://salt.security/blog/security-flaws-within-chatgpt-ext...
aviCC
·hace 2 años·discuss
Technical details: "The plugin does not authenticate the request, which means that the attacker can insert another memberId (aka the victim) and get a code that represents the victim. With that code, he can use ChatGPT and access the GitHub of the victim."
aviCC
·hace 3 años·discuss
Invest money on companies who want to improve our life
aviCC
·hace 3 años·discuss
https://platform.intervee.io/

Provides practical challenges with guidance for graduates in various subjects including Linux, Network, Security, and more..

Computer Science can sometimes be theoretical and learning from practical example is a must.
aviCC
·hace 3 años·discuss
Actually, the CVE-2023-283131 vulnerability was published with the full details just two days ago. In April Expo published a short post but without too much technical information. You can find more details about CVE-2023-283131 in the link I shared here:

https://salt.security/blog/a-new-oauth-vulnerability-that-ma....

Thank you for bringing up the distinction, and I agree that OpenID can help address some of the issues, but not all of them...
aviCC
·hace 3 años·discuss
TLDR: A direct link to the interesting technical information: https://salt.security/blog/a-new-oauth-vulnerability-that-ma...
aviCC
·hace 3 años·discuss
Original article: https://salt.security/blog/traveling-with-oauth-account-take...
aviCC
·hace 3 años·discuss
https://salt.security/blog/traveling-with-oauth-account-take...

Video: https://youtu.be/IK_AV1UFS-0
aviCC
·hace 3 años·discuss
This is the link to the research, you provided a link to Reddit: https://salt.security/blog/traveling-with-oauth-account-take...