Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

E Pluribus Unix


computers / alt.comp.os.windows-10 / Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

SubjectAuthor
* Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Andy Burnelli
+* Re: Does this bug in Google GMail OAuth affect us on Firefox &Andy Burns
|+- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?YK
|`* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
| `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
|  +* Re: Does this bug in Google GMail OAuth affect us on Firefox &Chris
|  |+* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?dan
|  ||`- Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
|  |`* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
|  | +* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Gronk
|  | |`- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
|  | `* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
|  |  +* Re: Does this bug in Google GMail OAuth affect us on Firefox &Andy Burns
|  |  |`- Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
|  |  `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
|  |   `* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
|  |    `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
|  |     `- Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
|  `- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?RonTheGuy
`* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 +* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 |+* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||+* Re: Does this bug in Google GMail OAuth affect us on Firefox &Sam Hill
 |||+- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?CDB
 |||+- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 |||`* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Hiram T Schwantz
 ||| `- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?J.B. Wood
 ||`* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 || +* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Heron
 || |`* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 || | `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?allen
 || |  `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 || |   `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?allen
 || |    `- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 || `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||  +* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Thomas
 ||  |`- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||  `* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||   +- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?John Robertson
 ||   `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||    +* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?mike
 ||    |`* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||    | `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?wolfgang kern
 ||    |  `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||    |   `- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?John
 ||    `* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||     `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||      +- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Rudolph Rhein
 ||      `* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||       `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||        `* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||         +* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||         |+* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||         ||+- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?nospam
 ||         ||+* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||         |||+* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||         ||||+* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||         |||||+- Re: Does this bug in Google GMail OAuth affect us on Firefox &jjb
 ||         |||||`- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||         ||||`* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?nospam
 ||         |||| `- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||         |||`* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||         ||| `* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||         |||  `* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||         |||   `- Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||         ||`* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||         || `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||         ||  `* Re: Does this bug in Google GMail OAuth affect us on Firefox &Andy Burns
 ||         ||   +- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||         ||   `- Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||         |+* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?nospam
 ||         ||`* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||         || +* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Ken Blake
 ||         || |`- Re: Does this bug in Google GMail OAuth affect us on Firefox &...winston
 ||         || `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?nospam
 ||         ||  +- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||         ||  `- Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||         |+* Re: Does this bug in Google GMail OAuth affect us on FirefoxAdam H. Kerman
 ||         ||`* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||         || +* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?RJH
 ||         || |`* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||         || | `- Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||         || `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Adam H. Kerman
 ||         ||  `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||         ||   `- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Adam H. Kerman
 ||         |`* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||         | `* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||         |  `- Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||         `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||          +- Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 ||          `* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||           `* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 ||            `* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 ||             `- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?R.Wieser
 |`* Re: Does this bug in Google GMail OAuth affect us on FirefoxChris
 | +* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?FromTheRafters
 | |+- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Adam H. Kerman
 | |`* Re: Does this bug in Google GMail OAuth affect us on Firefox &Andy Burns
 | | +- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?JAB
 | | `- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Frank Slootweg
 | +* Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Algernon Goss-Custard
 | `* Re: Does this bug in Google GMail OAuth affect us on Firefox &The Real Bev
 `- Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?Jerry

Pages:12345678910
Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6bngu$177t$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62826&group=alt.comp.os.windows-10#62826

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!3PLzD/rb74ta/CXxNcmbeA.user.46.165.242.75.POSTED!not-for-mail
From: spa...@nospam.com (Andy Burnelli)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sat, 21 May 2022 23:02:30 +0100
Organization: Aioe.org NNTP Server
Message-ID: <t6bngu$177t$1@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="40189"; posting-host="3PLzD/rb74ta/CXxNcmbeA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-GB
X-Notice: Filtered by postfilter v. 0.9.2
 by: Andy Burnelli - Sat, 21 May 2022 22:02 UTC

Does this bug in Google GMail OAuth affect us on Windows
Firefox & Thunderbird?

*Multiple bugs chained to takeover Facebook Accounts which uses Gmail.*
<https://ysamm.com/?p=763>

Youssef Sammouda has revealed that Gmail's OAuth authentication code
enabled him to exploit vulnerabilities in Facebook to hijack Facebook
accounts when Gmail credentials are used to sign in to the service.

The vulnerability seems to be only with GMail linked accounts.

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<jeu4vcFn4l8U1@mid.individual.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62827&group=alt.comp.os.windows-10#62827

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: use...@andyburns.uk (Andy Burns)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox &
Thunderbird?
Date: Sun, 22 May 2022 07:53:31 +0100
Lines: 10
Message-ID: <jeu4vcFn4l8U1@mid.individual.net>
References: <t6bngu$177t$1@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net xKwj4TOVmZc33C9IGaFRXgk2kG0m58Nqb21mn0gUx2mfxwYa4q
Cancel-Lock: sha1:eG7vbpcUyrWrGxtn034JqvxWoRY=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101
Thunderbird/101.0
Content-Language: en-GB
In-Reply-To: <t6bngu$177t$1@gioia.aioe.org>
 by: Andy Burns - Sun, 22 May 2022 06:53 UTC

Andy Burnelli wrote:

> Does this bug in Google GMail OAuth affect us on Windows Firefox & Thunderbird?

Don't know, but it's precisely because of the possibility of that sort of
cross-domain authentication exploit, that I only use my google account to
sign-in to services operated by google ...

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6ctcl$1vnq$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62829&group=alt.comp.os.windows-10#62829

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!5abR8ENrPWAYG2aGkI4DsA.user.46.165.242.75.POSTED!not-for-mail
From: youkidd...@yahoo.com (YK)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 04:48:45 -0400
Organization: Aioe.org NNTP Server
Message-ID: <t6ctcl$1vnq$1@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <jeu4vcFn4l8U1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="65274"; posting-host="5abR8ENrPWAYG2aGkI4DsA.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Thunderbird/78.10.2
Content-Language: en-US
X-Notice: Filtered by postfilter v. 0.9.2
 by: YK - Sun, 22 May 2022 08:48 UTC

On 5/22/2022 2:53 AM, Andy Burns wrote:
>> Does this bug in Google GMail OAuth affect us on Windows Firefox & Thunderbird?
>
> Don't know, but it's precisely because of the possibility of that sort of
> cross-domain authentication exploit, that I only use my google account to
> sign-in to services operated by google ...

I ran a threeword search of 'gmail oauth chain" which came up with "serious
warnings" alongside websites which said it was "absolutely safe" to use it.

Which is it?

OAuth: How Does 'Login With Facebook/Google' Work?
https://www.scienceabc.com/innovation/oauth-how-does-login-with-facebook-google-work.html
It is absolutely safe to log in on apps and third-party websites using your
Facebook or Google account. Big tech companies (e.g., Google, Facebook
etc.) use a standard called OAuth, which allows third-party websites to
access and retrieve select pieces of information from these big websites in
order to authenticate users.

What Is OAuth? How Those Facebook, Twitter, and Google Sign-in Buttons Work
https://www.howtogeek.com/53275/exchanging-data-safely-with-oauth/
If you've ever used a "Sign In With Facebook" button, or given a
third-party app access to your Twitter account, you've used OAuth. It's
also used by Google, Microsoft, and LinkedIn, as well as many other account
providers. Essentially, OAuth allows you to grant a website access to some
information about your account without giving it your actual account
password.

Implementing OAuth2 Social Login With Facebook
https://dzone.com/articles/implementing-oauth2-social-login-with-facebook-par
The client or the application sends requests for authorization to access
resources from the resource server.
If the user accepts the request, the application receives permission to
access the user's data, as per the scope of the permission.
The client requests an access token from the authorization server or API
representing the authenticity of its own identity. These access tokens'
life span is very short- think of their life span in terms of hours and
minutes.
If the authorization server authenticates the application's identity, then
the server generates an access token to the application.
The application requests the resource from the resource server or API.
Then, it sends the access token to the server for authentication.
If the resource server finds that the access token is valid then it serves
the resource to the application.

Connect Gmail accounts by using OAuth 2.0
https://docs.microsoft.com/en-us/power-platform/admin/connect-gmail-oauth2
Follow the steps in this article to set up server-side synchronization to
send and receive email in customer engagement apps (such as Dynamics 365
Sales, Dynamics 365 Customer Service, Dynamics 365 Marketing, Dynamics 365
Field Service, and Dynamics 365 Project Service Automation) from Gmail
accounts by using OAuth 2.0 as the authorization mechanism.

Serious Warning Issued For Millions Of Google Gmail Users
https://www.forbes.com/sites/gordonkelly/2022/05/21/google-gmail-security-facebook-oauth-login-warning/
Sammouda explained that he was able to exploit redirects in Google OAuth
and chain it with elements of Facebook's logout, checkpoint and sandbox
systems to break into accounts.

For those concerned about the security of linked accounts, note it is
possible to unlink them from Facebook. Navigate to: Settings & Privacy >
Settings > Accounts Center button > Accounts & Profiles. A similar
unlinking process can be used on other third-party sites if you are
currently signing into them using Amazon/Google/Microsoft/Twitter
credentials.

All of which raises a serious convenience Vs security headache. After all,
it may have been Gmail credentials this time but it could be other OAuth
partners next. Whatever your decision, you have been warned.

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6d43k$oc0$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62832&group=alt.comp.os.windows-10#62832

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!XakcSTEO51npqVb7OVl71w.user.46.165.242.75.POSTED!not-for-mail
From: addr...@not.available (R.Wieser)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 12:42:40 +0200
Organization: Aioe.org NNTP Server
Lines: 15
Message-ID: <t6d43k$oc0$1@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org>
Injection-Info: gioia.aioe.org; logging-data="24960"; posting-host="XakcSTEO51npqVb7OVl71w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Notice: Filtered by postfilter v. 0.9.2
X-Priority: 3
 by: R.Wieser - Sun, 22 May 2022 10:42 UTC

Andy,

"Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?"

There is a problem with a road in my city. Do you think that it will affect
us that are driving a Ford or Chrysler ?

The article you provided doesn't name /any/ kind of browser. Ask yourself
: Why not ?

Regards,
Rudy Wieser

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6dlgh$3mb$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62833&group=alt.comp.os.windows-10#62833

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: bashley...@gmail.com (The Real Bev)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox &
Thunderbird?
Date: Sun, 22 May 2022 08:39:59 -0700
Organization: None, as usual
Lines: 49
Message-ID: <t6dlgh$3mb$1@dont-email.me>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: quoted-printable
Injection-Date: Sun, 22 May 2022 15:40:01 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="963f1440c91ed849f6f39c6ecf256fbc";
logging-data="3787"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19PlWq2s3IzgTBmnOrGEBt8H47HEEBuuI0="
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:38.0) Gecko/20100101
Firefox/38.0 Thunderbird/38.2.0
Cancel-Lock: sha1:bLeUwRijmfoj31LJ9SDrDKn42IE=
In-Reply-To: <t6d43k$oc0$1@gioia.aioe.org>
 by: The Real Bev - Sun, 22 May 2022 15:39 UTC

On 05/22/2022 03:42 AM, R.Wieser wrote:
> Andy,
>
> "Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?"
>
> There is a problem with a road in my city. Do you think that it will affect
> us that are driving a Ford or Chrysler ?
>
>
> The article you provided doesn't name /any/ kind of browser. Ask yourself
> : Why not ?

That's needlessly snotty.

Some/many of us regard the security of our email as largely irrelevant
because we assume that anything we put on the internet is public
information anyway. If username+password is the equivalent of a
motorcycle air cleaner that filters out birds we're OK with that.

We are now, however, forced to pay attention to google's upcoming
requirement of OAuth2 rather than the username+password that we have
been satisfied with for decades.

The available instructions about what changes to our desktop
browsers/email programs are both lacking and contradictory.

Some/many of us are not computer security experts. We expect the
professionals to deal with this shit, not lay it on our shoulders. I'm
most worried about having to establish new unwanted IMAP accounts (which
I don't want to begin with) and notifying nearly 3 decades of entities
of the new account names.

Google has NOT provided explanations for desktop computer users, only
phone users. This seems... irresponsible. And it seems tacky to dump
on someone with a question about something that MIGHT affect us and
which, so far, has NOT been explained to non-tech people.

--
Cheers, Bev
"Johnston [Island] was the home of a U.S. chemical weapons disposal
facility for 10 years before operations ended in November 2000.
The island was turned into a wildlife preserve."
© 2002 The Associated Press

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6ds41$10aq$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62834&group=alt.comp.os.windows-10#62834

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!XakcSTEO51npqVb7OVl71w.user.46.165.242.75.POSTED!not-for-mail
From: addr...@not.available (R.Wieser)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 19:32:42 +0200
Organization: Aioe.org NNTP Server
Lines: 13
Message-ID: <t6ds41$10aq$1@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me>
Injection-Info: gioia.aioe.org; logging-data="33114"; posting-host="XakcSTEO51npqVb7OVl71w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Priority: 3
X-Notice: Filtered by postfilter v. 0.9.2
X-MSMail-Priority: Normal
X-RFC2646: Format=Flowed; Response
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
 by: R.Wieser - Sun, 22 May 2022 17:32 UTC

Bev,

> That's needlessly snotty.

:-) You have no idea who arlen is, do you ?

And as the rest of your post hasn't got anything to do with either how bad
the OAuth vunerability is or with the OPs question ...

Regards,
Rudy Wieser

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6dtga$r3e$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62835&group=alt.comp.os.windows-10#62835

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: sam...@example.com (Sam Hill)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox &
Thunderbird?
Date: Sun, 22 May 2022 17:56:26 -0000 (UTC)
Organization: A noisey patient Spider
Lines: 11
Message-ID: <t6dtga$r3e$1@dont-email.me>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org>
<t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 22 May 2022 17:56:26 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="c821c1750b9d9bb4d7de90315e1023c9";
logging-data="27758"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/nVtG1xl/4UUBBaep5EK4t"
User-Agent: Pan/0.139 (Sexual Chocolate; GIT bf56508
git://git.gnome.org/pan2)
Cancel-Lock: sha1:K/Z9MlRUO+S1Vh21a9vlD7MBOMs=
X-Post-ID: The Real Beauregard T. Shagnasty
X-Forger: David Brooks, Devon, UK
 by: Sam Hill - Sun, 22 May 2022 17:56 UTC

On Sun, 22 May 2022 19:32:42 +0200, R.Wieser wrote:

> Bev,
>
>> That's needlessly snotty.
>
> :-) You have no idea who arlen is, do you ?

Rudy, are you the Holder of that information?

I'd wager you could write a "tutorial" on the subject.

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6dtie$ud3$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62836&group=alt.comp.os.windows-10#62836

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!news.neodome.net!weretis.net!feeder8.news.weretis.net!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: bashley...@gmail.com (The Real Bev)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox &
Thunderbird?
Date: Sun, 22 May 2022 10:57:13 -0700
Organization: None, as usual
Lines: 25
Message-ID: <t6dtie$ud3$1@dont-email.me>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org>
<t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 22 May 2022 17:57:34 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="963f1440c91ed849f6f39c6ecf256fbc";
logging-data="31139"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+c6Z5wxKKZCp38HBvNxCxnrGa/arXtWYo="
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:38.0) Gecko/20100101
Firefox/38.0 Thunderbird/38.2.0
Cancel-Lock: sha1:PyTkzxVMs/m8N31ar9yhtb5PlBc=
In-Reply-To: <t6ds41$10aq$1@gioia.aioe.org>
 by: The Real Bev - Sun, 22 May 2022 17:57 UTC

On 05/22/2022 10:32 AM, R.Wieser wrote:
> Bev,
>
>> That's needlessly snotty.
>
> :-) You have no idea who arlen is, do you ?

I don't care who he is. He spends a lot of time trying to help, and
that seems like a decent thing to do. I feel bad for not checking out
all he does, but I'm just not that diligent.

> And as the rest of your post hasn't got anything to do with either how bad
> the OAuth vunerability is or with the OPs question ...

I figure that understanding it is NOT my job. Not my circus, not my
monkeys. It would be really nice if I were interested in programming
and computer security etc., but I'M NOT. I'm a reasonably experienced
user, that's all.

We are legion :-)

--
Cheers, Bev
"Arguing on the internet is like running a race in the Special
Olympics: even if you win, you're still retarded."

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6e3el$6mp$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62837&group=alt.comp.os.windows-10#62837

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!culb7+LPatXw+V40LmGrlw.user.46.165.242.75.POSTED!not-for-mail
From: McKeis...@ipanywhere.com (Heron)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 14:38:21 -0500
Organization: Aioe.org NNTP Server
Message-ID: <t6e3el$6mp$1@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: gioia.aioe.org; logging-data="6873"; posting-host="culb7+LPatXw+V40LmGrlw.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
X-Notice: Filtered by postfilter v. 0.9.2
Content-Language: en-US
 by: Heron - Sun, 22 May 2022 19:38 UTC

On 5/22/2022 12:57 PM, The Real Bev wrote:
>> And as the rest of your post hasn't got anything to do with either how bad
>> the OAuth vunerability is or with the OPs question ...
>
> I figure that understanding it is NOT my job. Not my circus, not my
> monkeys. It would be really nice if I were interested in programming
> and computer security etc., but I'M NOT. I'm a reasonably experienced
> user, that's all.

I don't understand it either but if the luminary that chastised everyone
else can explain the vulnerability to the rest of us, that would be useful.

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6e457$fqk$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62838&group=alt.comp.os.windows-10#62838

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!DYeYQiCxQhx5tlrzB/dEGw.user.46.165.242.75.POSTED!not-for-mail
From: bellemar...@gmail.com (CDB)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 15:50:23 -0400
Organization: Aioe.org NNTP Server
Message-ID: <t6e457$fqk$1@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtga$r3e$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="16212"; posting-host="DYeYQiCxQhx5tlrzB/dEGw.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-US
X-Notice: Filtered by postfilter v. 0.9.2
 by: CDB - Sun, 22 May 2022 19:50 UTC

On 5/22/2022 5:56 PM, Sam Hill wrote:

> Rudy, are you the Holder of that information?

What did Rudy say about how these oa auth bugs work?

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6e9b5$hf5$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62839&group=alt.comp.os.windows-10#62839

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!XakcSTEO51npqVb7OVl71w.user.46.165.242.75.POSTED!not-for-mail
From: addr...@not.available (R.Wieser)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 23:02:54 +0200
Organization: Aioe.org NNTP Server
Lines: 38
Message-ID: <t6e9b5$hf5$1@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me>
Injection-Info: gioia.aioe.org; logging-data="17893"; posting-host="XakcSTEO51npqVb7OVl71w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Priority: 3
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-MSMail-Priority: Normal
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Notice: Filtered by postfilter v. 0.9.2
 by: R.Wieser - Sun, 22 May 2022 21:02 UTC

Bev,

> I don't care who he is.

Thats your choice.

Personally I like to learn from my experiences, so that I'm not making the
same mistake twice.

> He spends a lot of time trying to help, and that seems like a decent thing
> to do.

Lol. Have you *ever* seen him try to /answer/ a question here on usenet ?
No ? I didn't think so.

Besides asking questions all he does is post tutorials - in as many
newsgroups as he can think of - to show off how good he is.

.... but lets stop there. I could provide more info about how arlen works
(worked?), but thats not my intention here.

If you don't like my way in which I tell arlen that he should think for
himself before opening his mouth and asking an absolute assinine question
than by all means answer his question yourself.

> I feel bad for not checking out all he does, but I'm just not that
> diligent.

:-) So, you have no idea about the usability of his tutorials, but are
already sure he's helping people with them ? That doesn't quite compute
you know.

FYI: I /have/ read thru a number of his past tutorials.

Regards,
Rudy Wieser

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6e9b9$hf5$2@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62840&group=alt.comp.os.windows-10#62840

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!XakcSTEO51npqVb7OVl71w.user.46.165.242.75.POSTED!not-for-mail
From: addr...@not.available (R.Wieser)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 23:03:11 +0200
Organization: Aioe.org NNTP Server
Lines: 16
Message-ID: <t6e9b9$hf5$2@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org><t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtga$r3e$1@dont-email.me>
Injection-Info: gioia.aioe.org; logging-data="17893"; posting-host="XakcSTEO51npqVb7OVl71w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Notice: Filtered by postfilter v. 0.9.2
X-Priority: 3
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-RFC2646: Format=Flowed; Original
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
 by: R.Wieser - Sun, 22 May 2022 21:03 UTC

Sam,

> Rudy, are you the Holder of that information?

:-)

> I'd wager you could write a "tutorial" on the subject.

I certainly could throw something together that might-or-might-not be
readable/helpfull to anyone and than cross- and multipost it to /everywhere/
because I think everyone should read it if you mean that. :-p

Regards,
Rudy Wieser

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6e9ba$hf5$3@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62841&group=alt.comp.os.windows-10#62841

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!XakcSTEO51npqVb7OVl71w.user.46.165.242.75.POSTED!not-for-mail
From: addr...@not.available (R.Wieser)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 23:18:03 +0200
Organization: Aioe.org NNTP Server
Lines: 16
Message-ID: <t6e9ba$hf5$3@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me> <t6e3el$6mp$1@gioia.aioe.org>
Injection-Info: gioia.aioe.org; logging-data="17893"; posting-host="XakcSTEO51npqVb7OVl71w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Notice: Filtered by postfilter v. 0.9.2
X-MSMail-Priority: Normal
X-RFC2646: Format=Flowed; Response
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-Priority: 3
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
 by: R.Wieser - Sun, 22 May 2022 21:18 UTC

Heron,

> I don't understand it either but if the luminary that chastised everyone
> else

OK, you definitily not talking about me there ...

> can explain the vulnerability to the rest of us, that would be useful.

I have no idea, I stopped being interrested in it as soon as I understood
where it resides.

Regards,
Rudy Wieser

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6eai4$218h5$1@paganini.bofh.team>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62842&group=alt.comp.os.windows-10#62842

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: canope...@gmail.com (Thomas)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 14:39:41 -0700
Organization: To protect and to server
Message-ID: <t6eai4$218h5$1@paganini.bofh.team>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me> <t6e9b5$hf5$1@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Injection-Date: Sun, 22 May 2022 21:39:22 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="2138661"; posting-host="eE2UyB/bvHvJw3mqmwvM2g.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
User-Agent: G2/1.0
X-Notice: Filtered by postfilter v. 0.9.1
 by: Thomas - Sun, 22 May 2022 21:39 UTC

On Sunday, May 22, 2022 at 2:02:54 PM, R.Wieser wrote:

> to show off how good he is.

Why are you afraid of everyone elses abilities?
Why can't YOU show how good YOU are by answering a question correctly?

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6ecpa$crv$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62843&group=alt.comp.os.windows-10#62843

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: bashley...@gmail.com (The Real Bev)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox &
Thunderbird?
Date: Sun, 22 May 2022 15:17:09 -0700
Organization: None, as usual
Lines: 31
Message-ID: <t6ecpa$crv$1@dont-email.me>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org>
<t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org>
<t6dtie$ud3$1@dont-email.me> <t6e9b5$hf5$1@gioia.aioe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sun, 22 May 2022 22:17:15 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="ad8625188e730dc51b05a6d382d25a98";
logging-data="13183"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/RURbzCCGSBROH7cSFSobMST3evRwkpkQ="
User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:38.0) Gecko/20100101
Firefox/38.0 Thunderbird/38.2.0
Cancel-Lock: sha1:jcyeDcf1a5rxAoaHoP4AngHL7ss=
In-Reply-To: <t6e9b5$hf5$1@gioia.aioe.org>
 by: The Real Bev - Sun, 22 May 2022 22:17 UTC

On 05/22/2022 02:02 PM, R.Wieser wrote:
> Bev,

> If you don't like my way in which I tell arlen that he should think for
> himself before opening his mouth and asking an absolute assinine question
> than by all means answer his question yourself.
>
>> I feel bad for not checking out all he does, but I'm just not that
>> diligent.
>
> :-) So, you have no idea about the usability of his tutorials, but are
> already sure he's helping people with them ? That doesn't quite compute
> you know.
>
> FYI: I /have/ read thru a number of his past tutorials.

So have I. That's why I feel guilty. Do you NOT believe he's trying to
help?

I've read -- and edited -- a lot of manuals/instructions that were just
WRONG. If I'm not willing to fix something myself I have to rely on
those who claim to have attempted to solve the problem.

I've watched good newsgroups die because some asshole insists on dumping
on other posters. The accuracy of the dump is irrelevant, it's the
disagreeable nature of the dumpage that destroys the group.

--
Cheers, Bev
"Anonymity is a shield from the tyranny of the majority."
-- U.S. Supreme Court, McIntyre v Ohio Elections,1995

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6el72$1a990$1@news.mixmin.net>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62844&group=alt.comp.os.windows-10#62844

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!news.mixmin.net!.POSTED!not-for-mail
From: spa...@flippers.com (John Robertson)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 18:41:30 -0600
Organization: Mixmin
Message-ID: <t6el72$1a990$1@news.mixmin.net>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me> <t6e9b5$hf5$1@gioia.aioe.org> <t6ecpa$crv$1@dont-email.me>
Reply-To: spam@flippers.com
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 23 May 2022 00:41:06 -0000 (UTC)
Injection-Info: news.mixmin.net; posting-host="a45d4a7952e0146646a21566e75ac65ce57fddb8";
logging-data="1385760"; mail-complaints-to="abuse@mixmin.net"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:78.0) Gecko/20100101 Thunderbird/78.8.1
Content-Language: en-US
X-Usenet-Provider: http://www.giganews.com
X-DMCA-Notifications: http://www.giganews.com/info/dmca.html
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
 by: John Robertson - Mon, 23 May 2022 00:41 UTC

On 2022/05/22 4:17 pm, The Real Bev wrote:

> I've watched good newsgroups die because some asshole insists on dumping
> on other posters.

Most have plonked that Rudy asshole long ago.
--
(Please post followups or tech inquiries to the USENET newsgroup)
John's Jukes Ltd.
MOVED to #7 - 3979 Marine Way, Burnaby, BC, Canada V5J 5E3
(604)872-5757 (Pinballs, Jukes, Video Games)
www.flippers.com
"Old pinballers never die, they just flip out."

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6ellt$22rf6$1@paganini.bofh.team>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62845&group=alt.comp.os.windows-10#62845

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: all...@spam.com (allen)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Sun, 22 May 2022 16:49:26 -0800
Organization: To protect and to server
Message-ID: <t6ellt$22rf6$1@paganini.bofh.team>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me> <t6e3el$6mp$1@gioia.aioe.org> <t6e9ba$hf5$3@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 23 May 2022 00:49:02 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="2190822"; posting-host="MwDp4cg29rhHPtc3Q1kooA.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
X-Notice: Filtered by postfilter v. 0.9.1
Content-Language: en-GB
 by: allen - Mon, 23 May 2022 00:49 UTC

"R.Wieser" <address@not.available> said:

>> can explain the vulnerability to the rest of us, that would be useful.
>
> I have no idea,

Why did you show up when you have nothing to offer?

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6fc17$j8j$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62846&group=alt.comp.os.windows-10#62846

 copy link   Newsgroups: alt.comp.os.windows-10 alt.comp.software.thunderbird alt.comp.software.firefox
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: ithink...@gmail.com (Chris)
Newsgroups: alt.comp.os.windows-10,alt.comp.software.thunderbird,alt.comp.software.firefox
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox
& Thunderbird?
Date: Mon, 23 May 2022 07:10:31 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 56
Message-ID: <t6fc17$j8j$1@dont-email.me>
References: <t6bngu$177t$1@gioia.aioe.org>
<t6d43k$oc0$1@gioia.aioe.org>
<t6dlgh$3mb$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 23 May 2022 07:10:31 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="44b1d6af011efe626054e197b133258a";
logging-data="19731"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/8UVwKzJA9url8MlviynzO5qFOzeWzZ9U="
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Cancel-Lock: sha1:rnGz/uIozZHL1KfA+IBNYtwU634=
sha1:L2rH8KzTitSo2gai45QXxuDyF5w=
 by: Chris - Mon, 23 May 2022 07:10 UTC

The Real Bev <bashley101@gmail.com> wrote:
> On 05/22/2022 03:42 AM, R.Wieser wrote:
>> Andy,
>>
>> "Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?"
>>
>> There is a problem with a road in my city. Do you think that it will affect
>> us that are driving a Ford or Chrysler ?
>>
>>
>> The article you provided doesn't name /any/ kind of browser. Ask yourself
>>> Why not ?
>
> That's needlessly snotty.
>
> Some/many of us regard the security of our email as largely irrelevant
> because we assume that anything we put on the internet is public
> information anyway. If username+password is the equivalent of a
> motorcycle air cleaner that filters out birds we're OK with that.
>
> We are now, however, forced to pay attention to google's upcoming
> requirement of OAuth2 rather than the username+password that we have
> been satisfied with for decades.

I'm not sure I understand why you think it's so different? It's still a
username and password just via a different mechanism that is largely hidden
from the user.

I moved mine and my FIL's thunderbird to it years ago to avoid the really
clunky app passwords.

OAuth has been around a long time and proven itself as reliable and secure.

> The available instructions about what changes to our desktop
> browsers/email programs are both lacking and contradictory.

Try here
https://support.mozilla.org/en-US/kb/thunderbird-and-gmail

> Some/many of us are not computer security experts. We expect the
> professionals to deal with this shit, not lay it on our shoulders. I'm
> most worried about having to establish new unwanted IMAP accounts (which
> I don't want to begin with) and notifying nearly 3 decades of entities
> of the new account names.

That's unnecessary and won't happen.

> Google has NOT provided explanations for desktop computer users, only
> phone users. This seems... irresponsible. And it seems tacky to dump
> on someone with a question about something that MIGHT affect us and
> which, so far, has NOT been explained to non-tech people.
>

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6fc18$j8j$2@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62847&group=alt.comp.os.windows-10#62847

 copy link   Newsgroups: alt.comp.os.windows-10 alt.comp.software.thunderbird alt.comp.software.firefox
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: ithink...@gmail.com (Chris)
Newsgroups: alt.comp.os.windows-10,alt.comp.software.thunderbird,alt.comp.software.firefox
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox
& Thunderbird?
Date: Mon, 23 May 2022 07:10:32 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 13
Message-ID: <t6fc18$j8j$2@dont-email.me>
References: <t6bngu$177t$1@gioia.aioe.org>
<jeu4vcFn4l8U1@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 23 May 2022 07:10:32 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="44b1d6af011efe626054e197b133258a";
logging-data="19731"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+Rq8wHvnOOpZN9QRLpFLiuTuDHKubvmjM="
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Cancel-Lock: sha1:tCjOutvo9Oxt/7OfEkUCjXYYjiU=
sha1:JHPb5qybpVUvvtbM+Bny+Hj6Zug=
 by: Chris - Mon, 23 May 2022 07:10 UTC

Andy Burns <usenet@andyburns.uk> wrote:
> Andy Burnelli wrote:
>
>> Does this bug in Google GMail OAuth affect us on Windows Firefox & Thunderbird?
>
> Don't know, but it's precisely because of the possibility of that sort of
> cross-domain authentication exploit, that I only use my google account to
> sign-in to services operated by google ...

This is the only correct answer.

Sharing credentials breaks the "don't reuse the same password" rule.

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6fded$10f2$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62848&group=alt.comp.os.windows-10#62848

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!XakcSTEO51npqVb7OVl71w.user.46.165.242.75.POSTED!not-for-mail
From: addr...@not.available (R.Wieser)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Mon, 23 May 2022 08:25:18 +0200
Organization: Aioe.org NNTP Server
Lines: 21
Message-ID: <t6fded$10f2$1@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me> <t6e9b5$hf5$1@gioia.aioe.org> <t6eai4$218h5$1@paganini.bofh.team>
Injection-Info: gioia.aioe.org; logging-data="33250"; posting-host="XakcSTEO51npqVb7OVl71w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Priority: 3
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-MSMail-Priority: Normal
X-Notice: Filtered by postfilter v. 0.9.2
X-RFC2646: Format=Flowed; Original
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
 by: R.Wieser - Mon, 23 May 2022 06:25 UTC

Thomas,

> Why are you afraid of everyone elses abilities?

Why do you think I am ? Is it perhaps because you yourself are ?

> Why can't YOU show how good YOU are by answering a question correctly?

"give a man a fish, and he will be back tomorrow, asking for another one.
Teach a man to fish, and he won't go hungry again".

I do not have any wish to be used as an easy source of answers by people who
do not want to put effort into finding answers themselves.

So, what did you do to find the answer yourself ? My guess ? Nothing, as
its easier to demand that others find it for you ...

Regards,
Rudy Wieser

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6fdee$10f2$2@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62849&group=alt.comp.os.windows-10#62849

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!XakcSTEO51npqVb7OVl71w.user.46.165.242.75.POSTED!not-for-mail
From: addr...@not.available (R.Wieser)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Mon, 23 May 2022 09:27:06 +0200
Organization: Aioe.org NNTP Server
Lines: 42
Message-ID: <t6fdee$10f2$2@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me> <t6e9b5$hf5$1@gioia.aioe.org> <t6ecpa$crv$1@dont-email.me>
Injection-Info: gioia.aioe.org; logging-data="33250"; posting-host="XakcSTEO51npqVb7OVl71w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-MSMail-Priority: Normal
X-Priority: 3
X-RFC2646: Format=Flowed; Response
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-Notice: Filtered by postfilter v. 0.9.2
 by: R.Wieser - Mon, 23 May 2022 07:27 UTC

Bev,

>> FYI: I /have/ read thru a number of his past tutorials.
>
> So have I. That's why I feel guilty. Do you NOT believe he's trying to
> help?

As I already wrote, no, I don't. As far as I can tell it /at best/ comes at
second place.

> I've read -- and edited -- a lot of manuals/instructions that were just
> WRONG. If I'm not willing to fix something myself I have to rely on those
> who claim to have attempted to solve the problem.

After having read the abslolute unreadable, unfollowable and by times
dangerous to ones computers health garbage arlen posted in the past I'm not
wiling to suggest them to even my worst enemy (and yes, I have told him
that).

Even though at first glance his current tutorial looks at least readable,
arlens current confusion in regard to the article he posted a link to and
which lead upto his current question doesn't give me any confidence that the
quality of it has improved.

> I've watched good newsgroups die because some asshole insists on dumping
> on other posters. The accuracy of the dump is irrelevant, it's the
> disagreeable nature of the dumpage that destroys the group.

You're absolutily right ofcourse. /Everyone/ should have the right to, even
after being warned about it, bring dangerous substances - guns,
dissoving-your-flesh acids, drugs - into a classroom and throw/push them
at/onto others. Its not those kids with a "meh, who cares. Its good for
/me/" attitude who destroy a class, its the teachers and parents who are
trying to save their pupils/kids lives by trying to correct the maversant
who are to blame. Obviously.

/s

Regards,
Rudy Wieser

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6fdee$10f2$3@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62850&group=alt.comp.os.windows-10#62850

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!aioe.org!XakcSTEO51npqVb7OVl71w.user.46.165.242.75.POSTED!not-for-mail
From: addr...@not.available (R.Wieser)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Mon, 23 May 2022 09:32:13 +0200
Organization: Aioe.org NNTP Server
Lines: 18
Message-ID: <t6fdee$10f2$3@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me> <t6e3el$6mp$1@gioia.aioe.org> <t6e9ba$hf5$3@gioia.aioe.org> <t6ellt$22rf6$1@paganini.bofh.team>
Injection-Info: gioia.aioe.org; logging-data="33250"; posting-host="XakcSTEO51npqVb7OVl71w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Priority: 3
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-MSMail-Priority: Normal
X-RFC2646: Format=Flowed; Original
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-Notice: Filtered by postfilter v. 0.9.2
 by: R.Wieser - Mon, 23 May 2022 07:32 UTC

Allen,

>>> can explain the vulnerability to the rest of us, that would be useful.
>>
>> I have no idea,
>
> Why did you show up when you have nothing to offer?

I tried to answer to the OP by (again) nudging him to learn to fish for
himself.

You ? You just complain that I do not want to explain to you how the motor
in my fishing boat works.

Regards,
Rudy Wieser

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6fe00$1862$1@gioia.aioe.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62851&group=alt.comp.os.windows-10#62851

 copy link   Newsgroups: alt.comp.os.windows-10 alt.comp.software.thunderbird alt.comp.software.firefox
Path: i2pn2.org!i2pn.org!aioe.org!XakcSTEO51npqVb7OVl71w.user.46.165.242.75.POSTED!not-for-mail
From: addr...@not.available (R.Wieser)
Newsgroups: alt.comp.os.windows-10,alt.comp.software.thunderbird,alt.comp.software.firefox
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Mon, 23 May 2022 09:43:50 +0200
Organization: Aioe.org NNTP Server
Lines: 26
Message-ID: <t6fe00$1862$1@gioia.aioe.org>
References: <t6bngu$177t$1@gioia.aioe.org> <jeu4vcFn4l8U1@mid.individual.net> <t6fc18$j8j$2@dont-email.me>
Injection-Info: gioia.aioe.org; logging-data="41154"; posting-host="XakcSTEO51npqVb7OVl71w.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
X-Priority: 3
X-Notice: Filtered by postfilter v. 0.9.2
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
 by: R.Wieser - Mon, 23 May 2022 07:43 UTC

Chris,

>> Don't know, but it's precisely because of the possibility of that sort of
>> cross-domain authentication exploit, that I only use my google account to
>> sign-in to services operated by google ...
>
> This is the only correct answer.
>
> Sharing credentials breaks the "don't reuse the same password" rule.

I don't think you understand what OAuth is supposed to be doing.

"It specifies a process for resource owners to authorize third-party access
to their server resources without providing credentials."
https://en.wikipedia.org/wiki/OAuth

But, if you think that is the solution you have effectiviliy distroyed
OAuths sole reason for existance and you can just cut it outof the
equation - falling back to a (browsers build-in) password manager which
inserts different username/password combinations for each of the servers you
wish to visit.

Regards,
Rudy Wieser

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6g2v8$106dk$1@solani.org>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62861&group=alt.comp.os.windows-10#62861

 copy link   Newsgroups: alt.comp.software.thunderbird alt.comp.software.firefox alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: thi...@address.is.invalid (mike)
Newsgroups: alt.comp.software.thunderbird,alt.comp.software.firefox,alt.comp.os.windows-10
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?
Date: Mon, 23 May 2022 19:12:24 +0530
Message-ID: <t6g2v8$106dk$1@solani.org>
References: <t6bngu$177t$1@gioia.aioe.org> <t6d43k$oc0$1@gioia.aioe.org> <t6dlgh$3mb$1@dont-email.me> <t6ds41$10aq$1@gioia.aioe.org> <t6dtie$ud3$1@dont-email.me> <t6e9b5$hf5$1@gioia.aioe.org> <t6ecpa$crv$1@dont-email.me> <t6fdee$10f2$2@gioia.aioe.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 23 May 2022 13:42:01 -0000 (UTC)
Injection-Info: solani.org;
logging-data="1055156"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Unison/2.1.10
Cancel-Lock: sha1:1i7id1afNRrDXGbseB9Xe09ry3Y=
X-User-ID: eJwNyskNADEIA8CWEg6bLQcQ9F/C5jsaV1w0DQ7z9c28mSvq2YJPONV8Tl09Iy8trQIDgcUJuEr12hiDSeUPVDwU5A==
 by: mike - Mon, 23 May 2022 13:42 UTC

On 22-05-2022 23:27 "R.Wieser" <address@not.available> wrote:

> Regards,
> Rudy Wieser

Twenty posts and you still haven't said anything of use for the topic.
You endlessly resentfully whine about someone else who asked a question.

And then you posted ceaselessly about your personal rantings of envy.
Do everyone a favor and STFU if all you want to say is you're jealous.

Re: Does this bug in Google GMail OAuth affect us on Firefox & Thunderbird?

<t6g5at$agj$1@dont-email.me>

 copy mid

https://www.novabbs.com/computers/article-flat.php?id=62862&group=alt.comp.os.windows-10#62862

 copy link   Newsgroups: alt.comp.os.windows-10 alt.comp.software.thunderbird alt.comp.software.firefox
Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: ithink...@gmail.com (Chris)
Newsgroups: alt.comp.os.windows-10,alt.comp.software.thunderbird,alt.comp.software.firefox
Subject: Re: Does this bug in Google GMail OAuth affect us on Firefox &
Thunderbird?
Date: Mon, 23 May 2022 15:22:21 +0100
Organization: A noiseless patient Spider
Lines: 24
Message-ID: <t6g5at$agj$1@dont-email.me>
References: <t6bngu$177t$1@gioia.aioe.org> <jeu4vcFn4l8U1@mid.individual.net>
<t6fc18$j8j$2@dont-email.me> <t6fe00$1862$1@gioia.aioe.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 23 May 2022 14:22:22 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="3940b7008887f22d54827d81f2535e71";
logging-data="10771"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/oxBOXw0BZ7bW7Dq77Fd4DUunsXiC7gxA="
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0)
Gecko/20100101 Thunderbird/91.9.0
Cancel-Lock: sha1:4Nnkh9mF7NKyrpFyn0xYM8q2iEw=
In-Reply-To: <t6fe00$1862$1@gioia.aioe.org>
Content-Language: en-GB
 by: Chris - Mon, 23 May 2022 14:22 UTC

On 23/05/2022 08:43, R.Wieser wrote:
> Chris,
>
>>> Don't know, but it's precisely because of the possibility of that sort of
>>> cross-domain authentication exploit, that I only use my google account to
>>> sign-in to services operated by google ...
>>
>> This is the only correct answer.
>>
>> Sharing credentials breaks the "don't reuse the same password" rule.
>
> I don't think you understand what OAuth is supposed to be doing.
>
> "It specifies a process for resource owners to authorize third-party access
> to their server resources without providing credentials."
> https://en.wikipedia.org/wiki/OAuth
>
> But, if you think that is the solution you have effectiviliy distroyed
> OAuths sole reason for existance and you can just cut it outof the
> equation - falling back to a (browsers build-in) password manager which
> inserts different username/password combinations for each of the servers you
> wish to visit.

Yup. It introduces a single point of failure. So I prefer not to use it.

Pages:12345678910
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor