
About: nodeID://b1074237

An Entity of Type : owl:Thing, within Data Space : ods-qa.openlinksw.com:8896 associated with source document(s)

Attributes Values
type
author
described by
dateModified
  • 2018-10-29T08:32:23Z
mainEntityOfPage
text
  • Well, it is slightly worse than that - you do not even have to invite them! If they know where you live they can just walk in all by themselves - given that you visit their website. Scenario: It is normal for people to make their webID publicly available on the web together with some kind of contact information, just like being listed in a phonebook (see for instance Ruben’s friend list https://ruben.verborgh.org/profile/#me or https://www.npmjs.com/package/solid-server#contributing). Using the public information and some social engineering, an attacker can craft a message to those people and ask them to visit a certain web page. Once they visit the webpage, it can use rdflib.js to access their data in the background - and if they happen to be logged in, the website can read/write/modify/delete any and all of their private data. This is possible due to the fact that there is no application validation - I do not grant access to an application. This is very unlike Facebook and others where I explicitly have to grant each and every third party application access to my data before they can, well, access it.
position
  • 18
datePublished
interactionStatistic
is topic of