[talk] Cyber False Login
John Weintraub
johnweintraub at gmail.com
Thu Dec 28 03:24:08 EST 2017
unless C convinces B that it's A when in fact it's not A at all.
On Dec 28, 2017 12:17 AM, "Sujit K M" <kmsujit at gmail.com> wrote:
On Thu, Dec 28, 2017 at 10:13 AM, John Weintraub
<johnweintraub at gmail.com> wrote:
> Hi Sujit;
>
> I'd think that the site A or B or both have some auto-logoff feature,
where
> after not very long, if no activity is detected, the user is logged out.
> This could be, say three to five minutes of inactivity. I know that would
> create some vulnerability, but that's a pretty narrow window in which to
> hack a website. And for my money, I think it would be site A that would
have
> the auto-logoff feature, which might be as simple as a script telling
site B
> to log out the inactive user.
>
Another way to look at it is since A calls B and B knows A is the One
that is authenticated.
It doesn't let Another Site C To use the authentication owned by A.
_______________________________________________
talk mailing list
talk at lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/talk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nycbug.org/pipermail/talk/attachments/20171228/bdd0e84b/attachment.html>
More information about the talk
mailing list