
Where is the "session fixation" / token hijacking attack graphic? The history of 1.0 and the rush to put out OAuth 1.0a I will always remember. The year was 2008 and we Yammer engineers implemented this new best practice auth system. It went live. And then suddenly a few days later someone in the office proved how the hijack was possible.


Why is that relevant? We are at OAuth 2.0. Who cares about what was 17 years ago?


I guess it's not. Just past trauma. I had to talk about it. Better now.


2.1 is just around the corner.


And 2008 is still 17 years ago.


What??



