On (OAuth) token hijacks for fun and profit (Google/Microsoft integration)intothesymmetry.blogspot.com1 ポイント·投稿者 asanso·11 年前·0 コメント
Open Redirect in Rfc6749 aka 'The OAuth 2.0 Authorization Framework'intothesymmetry.blogspot.com2 ポイント·投稿者 asanso·11 年前·0 コメント
Top 5 OAuth 2 Implementation Vulnerabilitiesintothesymmetry.blogspot.com2 ポイント·投稿者 asanso·12 年前·0 コメント
How I have hacked Facebook again and would have stolen a valid access token)1 ポイント·投稿者 asanso·12 年前·0 コメント
How I have hacked Facebook again and would have stolen a valid access token)intothesymmetry.blogspot.ch2 ポイント·投稿者 asanso·12 年前·0 コメント
OAuth 2 vulnerability Facebook And Google (solved)intothesymmetry.blogspot.ch1 ポイント·投稿者 asanso·12 年前·0 コメント
asanso·9 年前·議論I agree on all the accounts on what you said. I am probably biased by the fact I like JSON over XML. Probably JOSE just took the wrong path and could have been designed way better than it is...
asanso·9 年前·議論It seems that Matthew Green warned them about some of their choices though back in 2012!! https://www.ietf.org/mail-archive/web/jose/current/msg00366....
asanso·9 年前·議論The author of http://blog.intothesymmetry.com/2017/03/critical-vulnerabili... here FWIW. Personally I would not be so drastic. JOSE per se is not too bad (at least the idea is cool). Some crypto choices though have been really arguable...
asanso·10 年前·議論hi the author of the vuln here. this is my write up http://intothesymmetry.blogspot.ch/2016/01/openssl-key-recov...
asanso·10 年前·議論hi the author of the vuln here. this is my write up http://intothesymmetry.blogspot.ch/2016/01/openssl-key-recov...