Also, the FB OAuth implementation is based on an early draft of the OAuth2 spec.
The spec went through changes before final
On Apr 12, 2013, at 4:43 PM, Bill Burke <bburke(a)redhat.com> wrote:
Yup, pretty much the implicit model and Facebook's poor
implementation.
It's funny how people are proclaiming how vulnerable the OAuth implicit
model is, when the spec already pretty much spells out how vulnerable it is.
On 4/12/2013 5:38 PM, Bill Burke wrote:
> Before I read this, I think the XSS attacks are centered around the
> public OAuth protocols, one-way SSL + confidential clients pretty much
> protect against these issues, IIRC.
>
> On 4/12/2013 4:28 PM, Bruno Oliveira wrote:
>> Interesting presentation:
http://conference.hitb.org/hitbsecconf2013ams/materials/D2T1%20-%20Andrey...
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev