Blockchain Use cases and Identity

I just came across Don Tapscott’s TED Talk titled “How the blockchain is changing money and business”. In it, he talks about 5 potential use cases of blockchain technology that may result in transformations for a prosperous world. They are: Protecting rights through immutable records, e.g., land title. In many places …

Attack Vectors on Modern Cars – Side Effects of Automotive Digitalization

The keynote presentation at the #EIC17 by Stephan Gerhager was an intriguing one. It amply told us that the security model around cars is really scary. I do not feel good driving a connected car after hearing it. It is a pity that neither video nor presentation is available, but here …

FAPI Presentation at Open Data in Finance Conference @ London

Here is the presentation file that I used for my 10-minute OpenID Foundation Financial API WG presentation at the Open Data in Finance Conference (June 15, 2016). To join the Working Group, please sign the IPR Contribution agreement online by clicking here or download the PDF form and fill it, scan …

Open Data in Finance Conference: Chair’s Welcome

Here is the script of the Chair’s remark at the opening of the Open Data in Finance Conference in London (June 15, 2016). 09:00 – 09:10 Chair’s Welcome: Nat Sakimura, Senior Researcher, Nomura Research Institute. Hello. Welcome to the Open Data in Finance Conference. I am really excited to be a part …

GSA 18F’s unauthorized Slack use caused breach of 100 GSA Google Drives?

@JamieXML pinged me about the @18F breach that I completely missed. I quickly googled it and found this article: “IG report: 18F’s unauthorized Slack use caused breach of 100 GSA Google Drives”. It refers to “MANAGEMENT ALERT REPORT: GSA Data Breach” [JE16-004], which is a very strange report. It says “over 100 …

Cut and pasted code attack in OAuth 2.0 [RFC6749]

The so-called ‘cut and pasted code attack’, also known as the ‘Frankenstein Monster Attack’, is an attack in which the adversary swaps the ‘code’ in the authorization response with the victim’s ‘code’ that the adversary has gotten hold of somehow. It can be through the Code Phishing attack, or some other attacks. …

Code phishing attack on OAuth 2.0 [RFC6749]

The code phishing attack is an attack in which the adversary obtains the code and client credentials from the legitimate client and uses them against the honest token endpoint to obtain tokens, thereby accessing the protected resources illegitimately. Assumptions: There are not many assumptions needed for this attack. The client and the server …