Insane and irresponsible. The demo pages even meant that attackers were one XSS or CSRF from your home address. https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024 …
-
IMO biggest diff is consent confirmation step so easily guessed or derived. Other CSRF or embedded browser attacks would be more complicated.
-
E.g. http://payfone.com demo doesn't require info. Attacker could embed in mobile app & collect everyone's cell #, at least for that demo.