标题: Google tries to fend off man-in-the-middle attacks with a clever workaround.... [打印本页] 作者: RAJUPILLAY2197 时间: 2019-04-20 22:56 标题: Google tries to fend off man-in-the-middle attacks with a clever workaround.... Edited by RAJUPILLAY2197 at 2019-04-20 14:58
[br]
(, 下载次数: 0)
上传
点击文件名下载附件
下载积分: XGold -5
[br]Google announced today on its Security Blog that it will block sign-ins from embedded browser frameworks starting in June. The hope is that such a move will better protect people from man-in-the-middle (MITM) attacks.[br][br]Embedded browser frameworks allow developers to include web instances in their applications. For example, Spotify uses embedded browser frameworks to allow folks to sign into their Facebook accounts. The idea behind embedded browser frameworks is to improve the user experience by keeping people in an app instead of kicking them to a full browser if they want to sign into a service.[br][br]Google announced today on its Security Blog that it will block sign-ins from embedded browser frameworks starting in June. The hope is that such a move will better protect people from man-in-the-middle (MITM) attacks.[br][br]Embedded browser frameworks allow developers to include web instances in their applications. For example, Spotify uses embedded browser frameworks to allow folks to sign into their Facebook accounts. The idea behind embedded browser frameworks is to improve the user experience by keeping people in an app instead of kicking them to a full browser if they want to sign into a service.[br][br][br]Android security review 2018: Huge boost in device security updates[br]The problem is that a MITM attack can intercept login credentials and second factors. According to Google, it’s unable to “differentiate between a legitimate sign-in and a MITM attack” in embedded browsers. Google’s solution, then, is to block sign-ins from embedded browser frameworks altogether.[br][br]As a result, Google wants developers to switch to browser-based OAuth authentication. That way, apps will send users to Chrome, Safari, Firefox, or other mobile browsers if they want to sign into a service.[br][br]It might seem more inconvenient relative to how sign-ins work now, but today’s announcement means that people can see a page’s full URL. That way, people know whether the page they’re typing their login credentials into is legitimate or not.[br][br]Developers with apps that requires access to Google Account data are encouraged to switch to using browser-based OAuth authentication today.[br][br][br][br][h2]#Infinix_Ind[span style="font-weight: bold;"][/span]ia.....[/h2][br][h2]#The_Future_is_[span style="font-style: italic;"][/span]No[span style="font-weight: bold;"][/span]w.....[/h2]
作者: irfan_kolkata 时间: 2019-04-21 01:11
Nice share..... 作者: Thinesh 时间: 2019-04-21 02:26
Nice share 作者: sakhr68 时间: 2019-04-23 12:58
Nice share
欢迎光临 XCLUB-COOL STUFF AROUND YOU (https://admin.in.ilovexclub.com/)