One Article Review

Home - The article:
Source SANS Institute
Identifier 363706
Publication date 2017-05-10 02:16:35 (seen: 2017-05-10 02:16:35)
Title OAuth, and It's High Time for Some Personal "Security-Scaping" Today, (Wed, May 10th)
Text After Bojan's recent story on the short-lived Google Docs OAuth issues last week (https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/), I got to thinking. The compromise didn't affect too many people, but it got me thinking about OAuth. The piece of OAuth that I focused on is the series of permissions and tokens that allow interaction between applications, which is what the recent compromise took advantage of. My personal mantra is the best day to change the password for X is today, and as part of this I've expanded that proverb to include looking at application permissions and privacy settings! For instance, using Google's Security Checkup at https://myaccount.google.com/security , I found that at some point in the past, I granted TripAdvisor access to my Gmail account. This wasn't intentional, it was probably an OK prompt during an install or update process - you know, the ones you sometimes just click quickly / accidentally without paying attention to? Then wonder if you just clicked something dumb right after? Anyway, yes, one of those - *click* - gone now! I moved on to Facebook - application settings are here: https://www.facebook.com/settings and privacy settings are here: https://www.facebook.com/settings?tab=privacy Really, everything in that page needs to be looked at!
Me, I was surprised to find that I was using an older email address for my Facebook login (oops) - with the login buried in my iPad app, it wasn't something I had thought about (plus I'm not in Facebook too much lately). Other sites of interest: Twitter: https://twitter.com/settings/account In particular: https://twitter.com/settings/safety And: https://twitter.com/settings/applications LinkedIn: https://www.linkedin.com/psettings/ Really, most apps that you run have a privacy or a security page - it never seems to be front-and-center though, in fact for many of the apps I access primarily from a dedicated app on my phone or tablet, I needed to go to the real application in my browser to find these settings. As you go, be sure to translate the security questions to plain English. For instance, from Google's privacy checkup, you
Sent Yes
Tags Guideline
Stories Yahoo Guam
Notes
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.