YouTube home Comedy Week on YouTube
Upload

This video is unlisted. Only those with the link can see it. The attack demo against Facebook SSO

mountmic mountmic·No public videos
4
10,561
Like     Dislike 0

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to like mountmic's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to dislike mountmic's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to add mountmic's video to your playlist.

Published on Mar 6, 2012

No description available.

Ratings have been disabled for this video.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.

All Comments (6)

Sign in now to post a comment!
  • Zhou Li

    Zhou Li 2 years ago

    The fact is that ESPN's web site gets user's consent but the malicious web site doesn't. The malicious web site exploits a Facebook vulnerability to steal the access token possessed by ESPN and then impersonate ESPN to fetch DOB, email, and post on wall.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Zhou Li's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Zhou Li's comment.
    in reply to vineet369 (Show the comment)
  • Greg Hamm

    Greg Hamm 2 years ago

    Thank you for bringing this to the ATTENTION of FaceBook...First!! And thanks for the job you have done - a great public service to the people that aren't aware of the PRIVACY SETTINGS!

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Greg Hamm's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Greg Hamm's comment.
  • vineet369

    vineet369 2 years ago

    First was common sense, since name is already pubic.

    Third one, is obvious, since at Request for Permission by FB, it specifically says, "Posts on my wall", which it can and most probably will do.

    But how did YOU fetched DOB and email address, since those can only be accessed by ESPN, after we have allowed them to do so? From cookies or something?

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate vineet369's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate vineet369's comment.
  • alexariciu

    alexariciu 2 years ago

    nice work guys.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate alexariciu's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate alexariciu's comment.
  • Loading comment...
Loading...
Loading...
Working...
Sign in to add this to Watch Later