This is exactly the threat that we explored in our recent @USENIXSecurity paper with @kaytwo, @stevecheckoway, @m0eb1t. SSO providers are now single points of failure, and any account compromise will have a domino effect for a massive num. of other sites. https://www.usenix.org/conference/usenixsecurity18/presentation/ghasemisharif ….
-
“50 million users isn’t bad. You know what’s bad? 90 million users. Actually, just make it all 2 billion.” pic.twitter.com/VKOQS3m2Lf
-
Another reason I've never used Facebook.
-
I was personally hacked by @fb_engineering exec, Peter Ryan Zich. I want nothing more than FB to become history like MySpace.
-
Thought it was 50 Million?
FB will say it’s 200 Million by tomorrow
-
Never trusted FB SSO service and never used it.
-
#Facebook could shoot a user on 5th Avenue in broad daylight without losing any revenue!
-
This made me chuckle as I remember Trump saying a very similar thing in 2016 in Iowa during the campaign.
-
That's exactly what I was referring to.
-
I’ve been telling people, just DISABLE the whole sharing API. Nothing you get from it is worth the exposure. https://www.pcmag.com/article/360173/how-to-download-your-facebook-data-and-6-surprising-things …
-
Might want to hold off giving FB access to Bank
-
I'm curious what makes an account "affected" or "may have been impacted". Does this just mean that the "view as" feature was used by some potentially non-malicious actor, or does it mean an access token was actually misused?
-
Using Facebook for single sign on is looking pretty stupid right about now.
-
FB stories is endless, especially the last two years
-
@briankrebs note the date and context of this revised bug bounty program... https://www.facebook.com/notes/facebook-bug-bounty/introducing-rewards-for-reports-about-access-token-exposure/2247351778612369/ …
I’d be surprised if it was purely coincidental with their claim that they saw an irregular spike in traffic on 16th Sept. They might have realised the provenance of the issue but could not nail down the actual vulnerability.
-
FB has lost all trust. Very bad leadership and mindset.
-
I remember thinking federation authentication, while convenient, was a bad idea for this reason alone. I regret ever giving in to this option.
#Amithe90M #HopeNot #ProbablySo pic.twitter.com/UPkoAnJgWf