Diff for "なりすまし/account_pre-hijacking"

Differences between revisions 8 and 9

Contents

解説

/SSO Single Sign-On (SSO), federated identity management

Avinash Sudhodanan in collaboration with Andrew Paverd

New Research Paper: Pre-hijacking Attacks on Web User Accounts

https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/

if the attacker can create an account at a target service using the victim’s email address 
before the victim creates an account, 
the attacker could then use various techniques to put the account into a pre-hijacked state.

Pre-hijacked accounts: An Empirical Study of Security Failures in User Account Creation on the Web

https://arxiv.org/abs/2205.10174

https://arxiv.org/pdf/2205.10174.pdf 2205.10174.pdf

4 Account Pre-Hijacking Attacks

1. 解説

https://www.helpnetsecurity.com/2022/05/24/account-pre-hijacking/

https://www.theregister.com/2022/05/25/web_pre_hijacking/

CategoryDns CategoryWatch CategoryTemplate

MoinQ: なりすまし/account_pre-hijacking (last edited 2022-08-26 07:47:28 by ToshinoriMaeno)

-  ⇤ ← Revision 8 as of 2022-05-26 02:09:00 → 
  Size: 1059
  Editor: ToshinoriMaeno
  Comment:
+   ← Revision 9 as of 2022-05-26 02:22:18 → ⇥
  Size: 1079
  Editor: ToshinoriMaeno
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 7:
+[[/theregister]]

MoinQ: Diff for "なりすまし/account_pre-hijacking"

1. 解説