Major Security Hole Catching AuthTokens in the Wild The Insecurity of Google's ClientLogin Protocol
2 προβολές
Παράβλεψη και μετάβαση στο πρώτο μη αναγνωσμένο μήνυμα
Brian Herman
18 Μαΐ 2011, 6:51:01 μ.μ.18/5/11
ως chicago-...@googlegroups.com
Googles clientlogin protocol is sends the user information in plaintext.
http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html
WTF Google?
Thanks,
Brian Herman
brianjherman.com
brian...@acm.org
http://www.uni-ulm.de/en/in/mi/staff/koenings/catching-authtokens.html
WTF Google?
Thanks,
Brian Herman
brianjherman.com
brian...@acm.org
Asten Rathbun
19 Μαΐ 2011, 12:33:30 μ.μ.19/5/11
ως chicago-...@googlegroups.com
of course, they're already patching things on the server side to fix it. Security issues happen. What matters is how they're handled when they do.
--Asten
--Asten
--
You received this message because you are subscribed to the Google Groups "Chicago Androids" group.
To post to this group, send email to chicago-...@googlegroups.com.
To unsubscribe from this group, send email to chicago-androi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/chicago-androids?hl=en.
Απάντηση σε όλους
Απάντηση στον συντάκτη
Προώθηση
0 νέα μηνύματα