funsec mailing list archives
Password crack against OAuth, OpenID vs SSH?
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Fri, 16 Jul 2010 20:46:00 -0800
There is a claim of a password crack against OAuth, OpenID, and related software libraries.

http://bit.ly/b4Wh6S+ (Computerworld)
http://www.computerworld.com/s/article/9179224/Researchers_Authentication_crack_could_affect_millions

This is important, of course, particularly because of the use of OAuth and OpenID as a kind of SSO, and therefore a single-point-of-failure against all kinds of systems.

However, I wonder if there is also a relation to the recent spate of SSH attempts that has been reported in some circles? One reported "fix" was to use certificates rather than passwords, but that may be exactly what the attacks are trying to hit.

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
The earth is degenerating these days. Bribery and corruption abound. Children no longer mind parents. And it is evident that the end of the world is fast approaching. - Syrian tablet, 2800 BC
victoria.tc.ca/techrev/rms.htm
blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.