+1
On 15.06.2023 17:05, George Fletcher wrote:
I'm a +1 for the name
On Thu, Jun 15, 2023 at 11:04 AM Aaron Parecki
<aaron=40parecki....@dmarc.ietf.org> wrote:
I like it, it's definitely the best out of the list.
Aaron
On Thu, Jun 15, 2023 at 7:57 AM Pieter Kasselman
<pieter.kasselman=40microsoft....@dmarc.ietf.org> wrote:
Hi folks, one of the discussion points at IETF 116 for the
cross-device security BCP was finding a collective name for
the exploits of the cross device flows we were seeing. We got
several suggestions since then (see list below).
We are thinking of adopting the term “Cross-Device Consent
Phishing (CDCP)” given that it describes the scope of the
attacks (cross-device), the purpose of the attacks (obtaining
user consent), and the technique (phishing, and other social
engineering techniques).
Does this feel like a good descriptive name to adopt?
The list of names that was suggested over the last few months:
1. Cross-Device Consent Phishing
2. Illicit Consent Grant Attack
3. Attacker-in-the-Middle Attack
4. Authorization Context Manipulation Attack
5. Authorization Context Manipulation Exploit
6. "Cross-Device Authorization Exploit"
7. "Social Engineering Token Theft"
8. "Authorization Flow Manipulation Exploit"
9. Context Manipulation Authorization Exploit
10. Zishing
11. Azishing
12. FlowJack
13. AuthJack
14. TokenJack
15. Permitphishing,
16. Authishing
Cheers
Pieter
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
<https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/oauth__;!!FrPt2g6CO4Wadw!MiVGjrrSZVrFfqf5H3kVV6POC4gNvh4iM5j_St4tWh0T_-9MQOlgEBWH6kUuh1RtUeBGH_FynAidy_YXHRrQoFVGgaI2Y3MQ738ijjY$>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/oauth__;!!FrPt2g6CO4Wadw!MiVGjrrSZVrFfqf5H3kVV6POC4gNvh4iM5j_St4tWh0T_-9MQOlgEBWH6kUuh1RtUeBGH_FynAidy_YXHRrQoFVGgaI2Y3MQ738ijjY$
------------------------------------------------------------------------
The information contained in this e-mail is confidential and/or
proprietary to Capital One and/or its affiliates and may only be used
solely in performance of work or services for Capital One. The
information transmitted herewith is intended only for use by the
individual or entity to which it is addressed. If the reader of this
message is not the intended recipient, you are hereby notified that
any review, retransmission, dissemination, distribution, copying or
other use of, or taking of any action in reliance upon this
information is strictly prohibited. If you have received this
communication in error, please contact the sender and delete the
material from your computer.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
--
Karsten Meyer zu Selhausen
Senior IT Security Consultant
Phone: +49 (0)234 / 54456499
Web: https://hackmanit.de | IT Security Consulting, Penetration Testing,
Security Training
Multi-Factor Authentication (MFA) increases the security of your account. Learn
what the best MFA options are in our blog
post:https://www.hackmanit.de/en/blog-en/162-what-is-mfa
Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum
Registergericht: Amtsgericht Bochum, HRB 14896
Geschäftsführer: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr.
Christian Mainka, Prof. Dr. Marcus Niemietz
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
