Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Then oauth based attacks like this come along and your password (however strong it may be) and two-factor auth are bypassed completely... It's interesting Apple can scale personally vetting apps for the app store but Google apparently can't be bothered to do the same for apps that could actually ruin businesses and lives with the data they could scoop up


It is not quite a virus, it works more akin to a trojan and exploits people not thinking about what they're clicking.

In 10s, why would Google docs ask for an oAuth prompt with big permissions?

People click through security dialogs, it is a known fact.


Funny that you'd ask that, as when developing Google Script automation scripts, Google Docs asks for exactly that.

(Of course, this is a different situation and all, and there is a lot of sense in your comment that mine doesn't at all invalidate.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: