Hello and welcome to the Wednesday, October 25, 2020,

edition of the Sansonet Stormontas Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Let's start today with a false positive.

Apparently, Android has been alerting users that Samsung messages as well as Samsung

wallet are harmful and they have been removed from some

devices by Google Protect. There have been a number of post-Google

forums. I'll link to an article by 925 Google who also wrote about it

and has links to help in case your device is affected and these applications were removed

the main problem here is likely Samsung wallet Samsung in the meantime has posted that this was apparently caused by a server failure on

Google's end should be fixed by now and you should no longer see these messages.

And Salt Labs published the third installment of its blog series about problems with Oath implementations.

Now, what they're specifically looking at in this particular blog post is websites that are supporting things like login with Facebook.

In order for this to work, the user is connecting to Facebook,

is getting a token, basically proving that this is the particular user, and then passing that

token to a particular application that supports login with Facebook. The problem here is that, well, what if a malicious user is setting up an application, is having

users log into that application?

Can the attacker then use the tokens that user submitted to the attacker's application and use them to log

into other websites that are supporting login with Facebook.

It's not just login with Facebook.

This is the other of all the login with another site if OAuth is being used here.

And the answer is, well, a yes for some sites like, for example,

...