'SpoofedMe' attacks exploited LinkedIn, Amazon social login flaws

  • 5 December 2014

By Jeremy Kirk
IDG News Service | Dec 4, 2014 6:10 PM PT
 
IBM’s X Force security researchers found an easy way to gain access to Web accounts by taking advantage of an oversight in how some social login services are configured.
 
Full Article.

1 reply

By Darren Pauli, 5 Dec 2014
 
Bigshot online identity providers LinkedIn and Amazon were vulnerable to a novel attack that allowed ID fraudsters potential access to top websites – including Slashdot, NASDAQ.com and Crowdfunder – an IBM security duo have revealed.
Or Peles and Roee Hay of IBM Security Systems said the attacks worked because the providers included MyDigiPass, "Sign in with LinkedIn" or "Login with Amazon" functions on their sites. Those named websites allowed accounts that had not had email addresses confirmed to be used for a verified login.


 
full article
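
One way a relying site can guard against the oversight described above, as an added example that is not taken from either article or from IBM's research. It assumes the identity provider returns OpenID Connect style claims (`sub`, `email`, `email_verified`); `LocalAccount`, `AccountStore` and `social_login` are hypothetical names, and the sample accounts are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class LocalAccount:
    email: str
    linked: set = field(default_factory=set)  # (provider, subject) pairs

class AccountStore:
    def __init__(self):
        self.by_email, self.by_identity = {}, {}

    def add(self, account):
        self.by_email[account.email.lower()] = account
        for ident in account.linked:
            self.by_identity[ident] = account
        return account

def social_login(store, provider, claims):
    """Decide what to do with an identity asserted by a social login provider."""
    ident = (provider, claims["sub"])
    if ident in store.by_identity:
        # Already linked: the provider's stable subject id decides, not the email.
        return "login", store.by_identity[ident]
    email = (claims.get("email") or "").strip().lower()
    verified = claims.get("email_verified") is True  # missing or non-boolean fails
    if not email or not verified:
        # The provider never confirmed this address, so it proves nothing about
        # who owns it; never match it against an existing local account.
        return "reject_unverified_email", None
    existing = store.by_email.get(email)
    if existing is not None:
        # Verified match: still require the local credentials before linking.
        return "confirm_with_local_login", existing
    return "created", store.add(LocalAccount(email, {ident}))

def demo():
    # Constructed sample data: one existing local account and four assertions.
    store = AccountStore()
    store.add(LocalAccount("alice@example.com", {("idp-a", "1001")}))
    cases = [
        ("idp-a", {"sub": "1001", "email": "alice@example.com", "email_verified": True}),
        ("idp-b", {"sub": "77", "email": "Alice@example.com", "email_verified": False}),
        ("idp-b", {"sub": "78", "email": "alice@example.com", "email_verified": True}),
        ("idp-b", {"sub": "79", "email": "bob@example.com", "email_verified": True}),
    ]
    return [social_login(store, p, c)[0] for p, c in cases]
```

The second case is the one the articles describe: a provider account whose address was never confirmed must not be treated as proof of ownership of the matching local account.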
