The Accidental Discovery of a New Vulnerability in Google's OAuth Implementation | allinfosecnews.com

March 6, 2024, 5:13 p.m. | Black Hat

Black Hat www.youtube.com

Beware, dear friends, the cautionary tale of the cloud provider that broke its own security model. Ignoring RFCs! Putting plaintext passwords in scripts - and printing them in books! It's a crazy story, but one that may nonetheless resonate with enterprise security practitioners everywhere.

In early 2021, I identified a client impersonation vulnerability in a series of Google "first-party" applications. This vulnerability allows an attacker to present themselves both to a user and to Google as one of these applications, …

books cloud cloud provider discovery enterprise enterprise security friends google implementation may new vulnerability oauth own passwords plaintext printing scripts security security practitioners story vulnerability

More from www.youtube.com / Black Hat

Locknote: Conclusions and Key Takeaways from Day 2 2 weeks, 3 days ago | www.youtube.com

black hat black hat europe board board members +15

Locknote: Conclusions and Key Takeaways from Day 1 2 weeks, 3 days ago | www.youtube.com

black hat black hat europe board board members +16

Keynote: My Lessons from the Uber Case 2 weeks, 3 days ago | www.youtube.com

addition best practices case convicted +16

Keynote: Industrialising Cyber Defence in an Asymmetric World 2 weeks, 4 days ago | www.youtube.com

adversaries challenge cyber cyber defence +10

The Black Hat Europe Network Operations Center (NOC) Report 2 weeks, 4 days ago | www.youtube.com

back black hat black hat europe center +14

My Invisible Adversary: Burnout 3 weeks, 1 day ago | www.youtube.com

adversary attackers attacks burnout +11

The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 3 weeks, 1 day ago | www.youtube.com

analysis ask bad codeql +10

A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 3 weeks, 2 days ago | www.youtube.com

attacks call cloudflare detection +10

Collide+Power: The Evolution of Software-based Power Side-Channels Attacks 3 weeks, 2 days ago | www.youtube.com

addition attacks build collide+power +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA

View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City

View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad

View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States

View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States

View on infosec-jobs.com