Passkey | 2025-01-15 |
EDPO and Hacker News vs Google - OAuth 2 |
abstract:
We are reporting on it on the podcast.
EDPO has noticed it: https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html
The issue now also concerns the confusion in OAuth2 between passwords and passkeys, which users have to handle differently and which can create quite a few security problems, not only the risk of systematic profiling.
Google is increasingly intent on tracking traffic by IP address and by other means.
For everyone else (those outside promotional circuits), the IP address has no identifying significance.
But Google will not change its new policy: selling traffic, not advertising.
Link: https://lnkd.in/deSfYFmn
analysis:
-
index:
text:
From LinkedIn:
EDPO (European Data Protection Office)
“New research has pulled back the curtain on a ‘deficiency’ in Google's ‘Sign in with Google’ authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.
‘Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to re-create email accounts for former employees,’ Truffle Security co-founder and CEO Dylan Ayrey said in a Monday report.
[…] The San Francisco-based company said the issue has the potential to put millions of American users' data at risk simply by purchasing a defunct domain associated with a failed startup and gaining unauthorized access to old employee accounts related to various applications like OpenAI ChatGPT, Slack, Notion, Zoom, and even HR systems.”
#Privacy #GDPR #dataprotection #Google #GoogleSignIn
*This article was not written by EDPO. The opinions and views of the author(s) do not necessarily represent those of EDPO.
https://lnkd.in/deSfYFmn
Text of 2025-01-15
Passkey Password Profiling Traffic Advertising Google OAuth2