Search results1 – 10 of over 6000
The interoperability of cloud data between web applications and mobile devices has vastly improved over recent years. The popularity of social media, smartphones and…
The interoperability of cloud data between web applications and mobile devices has vastly improved over recent years. The popularity of social media, smartphones and cloud-based web services have contributed to the level of integration that can be achieved between applications. This paper investigates the potential security issues of OAuth, an authorisation framework for granting third-party applications revocable access to user data. OAuth has rapidly become an interim de facto standard for protecting access to web API data. Vendors have implemented OAuth before the open standard was officially published. To evaluate whether the OAuth 2.0 specification is truly ready for industry application, an entire OAuth client server environment was developed and validated against the speciation threat model. The research also included the analysis of the security features of several popular OAuth integrated websites and comparing those to the threat model. High-impacting exploits leading to account hijacking were identified with a number of major online publications. It is hypothesised that the OAuth 2.0 specification can be a secure authorisation mechanism when implemented correctly.
To analyse the security of OAuth implementations in industry a list of the 50 most popular websites in Ireland was retrieved from the statistical website Alexa (Noureddine and Bashroush, 2011). Each site was analysed to identify if it utilised OAuth. Out of the 50 sites, 21 were identified with OAuth support. Each vulnerability in the threat model was then tested against each OAuth-enabled site. To test the robustness of the OAuth framework, an entire OAuth environment was required. The proposed solution would compose of three parts: a client application, an authorisation server and a resource server. The client application needed to consume OAuth-enabled services. The authorisation server had to manage access to the resource server. The resource server had to expose data from the database based on the authorisation the user would be given from the authorisation server. It was decided that the client application would consume emails from Google’s Gmail API. The authorisation and resource server were modelled around a basic task-tracking web application. The client application would also consume task data from the developed resource server. The client application would also support Single Sign On for Google and Facebook, as well as a developed identity provider “MyTasks”. The authorisation server delegated authorisation to the client application and stored cryptography information for each access grant. The resource server validated the supplied access token via public cryptography and returned the requested data.
Two sites out of the 21 were found to be susceptible to some form of attack, meaning that 10.5 per cent were vulnerable. In total, 18 per cent of the world’s 50 most popular sites were in the list of 21 OAuth-enabled sites. The OAuth 2.0 specification is still very much in its infancy, but when implemented correctly, it can provide a relatively secure and interoperable authentication delegation mechanism. The IETF are currently addressing issues and expansions in their working drafts. Once a strict level of conformity is achieved between vendors and vulnerabilities are mitigated, it is likely that the framework will change the way we access data on the web and other devices.
OAuth is flexible, in that it offers extensions to support varying situations and existing technologies. A disadvantage of this flexibility is that new extensions typically bring new security exploits. Members of the IETF OAuth Working Group are constantly refining the draft specifications and are identifying new threats to the expanding functionality. OAuth provides a flexible authentication mechanism to protect and delegate access to APIs. It solves the password re-use across multiple accounts problem and stops the user from having to disclose their credentials to third parties. Filtering access to information by scope and giving the user the option to revoke access at any point gives the user control of their data. OAuth does raise security concerns, such as defying phishing education, but there are always going to be security issues with any authentication technology. Although several high impacting vulnerabilities were identified in industry, the developed solution proves the predicted hypothesis that a secure OAuth environment can be built when implemented correctly. Developers must conform to the defined specification and are responsible for validating their implementation against the given threat model. OAuth is an evolving authorisation framework. It is still in its infancy, and much work needs to be done in the specification to achieve stricter validation and vendor conformity. Vendor implementations need to become better aligned in order to provider a rich and truly interoperable authorisation mechanism. Once these issues are resolved, OAuth will be on track for becoming the definitive authentication standard on the web.
Aim of the present monograph is the economic analysis of the role of MNEs regarding globalisation and digital economy and in parallel there is a reference and examination…
Aim of the present monograph is the economic analysis of the role of MNEs regarding globalisation and digital economy and in parallel there is a reference and examination of some legal aspects concerning MNEs, cyberspace and e‐commerce as the means of expression of the digital economy. The whole effort of the author is focused on the examination of various aspects of MNEs and their impact upon globalisation and vice versa and how and if we are moving towards a global digital economy.
In the last four years, since Volume I of this Bibliography first appeared, there has been an explosion of literature in all the main functional areas of business. This…
In the last four years, since Volume I of this Bibliography first appeared, there has been an explosion of literature in all the main functional areas of business. This wealth of material poses problems for the researcher in management studies — and, of course, for the librarian: uncovering what has been written in any one area is not an easy task. This volume aims to help the librarian and the researcher overcome some of the immediate problems of identification of material. It is an annotated bibliography of management, drawing on the wide variety of literature produced by MCB University Press. Over the last four years, MCB University Press has produced an extensive range of books and serial publications covering most of the established and many of the developing areas of management. This volume, in conjunction with Volume I, provides a guide to all the material published so far.
The long controversy that has waxed furiously around the implementation of the EEC Directives on the inspection of poultry meat and hygiene standards to be observed in poultry slaughterhouses, cutting‐up premises, &c, appears to be resolved at last. (The Prayer lodged against the Regulations when they were formally laid before Parliament just before the summer recess, which meant they would have to be debated when the House reassembled, could have resulted in some delay to the early operative dates, but little chance of the main proposals being changed.) The controversy began as soon as the EEC draft directive was published and has continued from the Directive of 1971 with 1975 amendments. There has been long and painstaking study of problems by the Ministry with all interested parties; enforcement was not the least of these. The expansion and growth of the poultry meat industry in the past decade has been tremendous and the constitution of what is virtually a new service, within the framework of general food inspection, was inevitable. None will question the need for efficient inspection or improved and higher standards of hygiene, but the extent of the
The findings of the Steering Group on Food Freshness in relation to the compulsory date marking of food contained in their Report, reviewed elsewhere in this issue, has brought within measurable distance the Regulations which were, in any case, promised for1975. The Group consider that the extension of voluntary open date marking systems will not be sufficiently rapid (or sufficiently comprehensive) to avoid the need or justify the delay in introducing legislation.
From earliest times the land and all it produced to feed and sustain those who dwelt on it was mankind's greatest asset. From the Biblical “land of milk and honey”, down through history to the “country of farmers” visualised by the American colonists when they severed the links with the mother country, those who had all their needs met by the land were blessed — they still are! The inevitable change brought about by the fast‐growing populations caused them to turn to industry; Britain introduced the “machine age” to the world; the USA the concept of mass production — and the troubles and problems of man increased to the present chaos of to‐day. There remained areas which depended on an agri‐economy — the granary countries, as the vast open spaces of pre‐War Russia; now the great plains of North America, to supply grain for the bread of the peoples of the dense industrial conurbations, which no longer produced anything like enough to feed themselves.
The statement of the Minister of Agriculture, Fisheries and Food, coming so quickly after the ban on the use of cyclamates in food and drink in the United States, indicates that the new evidence of carcinogenesis in animals, placed at the disposal of the authorities by the U.S. F.D.A., has been accepted; at least, until the results of investigations being carried out in this country are available. The evidence was as new to the U.S. authorities as to our own and in the light of it, they could no longer regard the substances as in the GRAS class of food additives. It is, of course, right that any substance of which there is the slightest doubt should be removed from use; not as the result of food neuroses and health scares, but only on the basis of scientific evidence, however remote the connection. It is also right that there should always be power of selection by consumers avoidance is usually possible with other things known to be harmful, such as smoking and alcohol; in other cases, especially with chemical additives to food and drink, there must be pre‐knowledge, so that those who do not wish to consume food or drink containing such additives can ascertain from labelling those commodities which contain them.
Sane and civilised people, capable of thinking clearly, now recognise that if the peace of the world is to be secured, and that if another and even greater cataclysm is to be prevented, the Huns and their accomplices must be crushed, and crushed so completely that their recovery of the power to do evil shall be rendered utterly impossible. The persons who are “Pro‐German” for reasons at present best known to themselves, and the peace‐at‐any‐price cranks, may be left out of consideration except in so far as the advisability of placing the former under lock and key and the latter in lunatic asylums demands attention. A premature and inconclusive peace which would make it possible for our abominable enemies to rise again and threaten civilised mankind is unthinkable, and the Allied Powers must of necessity carry on the war until the Thugs of Europe have bitten the dust and have been compelled to sue for peace without terms or conditions. When the “Central Powers” have been forced to their knees, and the Allied armies of occupation have made them taste the bitterness and humiliation of invasion, the surviving criminals will be placed at the bar to receive the sentence of their judges, while the populations who have approved and applauded their hideous acts must also have adequate punishment meted out to them. What form is that punishment to take? The long and ghastly account has got to be read out and settled—so far as it can be settled in this world. What is to be the settlement?
Merchants and manufacturers have it in their power to minimise in some degree the extent to which we are becoming indebted to foreign countries in respect of the large excess of imports over exports, by obtaining, as far as possible, their imported supplies of food products and raw materials for industries from countries within the Empire. Take, for example, meat and cheese. The prevailing high prices are no doubt encouraging the home production of these commodities. Nevertheless a large quantity must necessarily be imported. In 1914 meat to the value of 62 million pounds was imported, and cheese to the value of 8 million pounds. Of the imports of meat 26 per cent. came from within the Empire, and of cheese 82 per cent. Clearly it is better under existing circumstances that we should buy meat from Australia and New Zealand than from Argentina, and cheese from Canada and New Zealand rather than from Holland and the United States. Many other examples may be mentioned of products which can equally as well be obtained within the Empire as from foreign countries, such as maize from South Africa, where a large increase of production is expected this year; oats from Canada rather than from Argentina and the United States; barley from Canada; peas from New Zealand; butter from Australia and New Zealand; canned salmon, of which 2½ million pounds' worth was imported in 1914, from Canada rather than from the United States; apples from Canada and Australia; wine from Australia; tea from India and Ceylon rather than from China and Java; cocoa from the Gold Coast and the West Indies; copra from Malaya, India and Australia; rubber from Malaya and Ceylon; fibres from New Zealand, Mauritius, Ceylon, etc.; wood pulp from Canada and Newfoundland; wool from Australia, New Zealand, South Africa and the Falkland Islands rather than from Argentina, Chile and other foreign sources; tanning materials from India, Natal, Australia and British East Africa; dyewoods from the West Indies; timber from Canada; hardwoods from India, West Africa, the West Indies and Australia; copper and copper ore from Australia and South Africa; tin and tin ore from Malaya, Nigeria, South Africa and Australia; manganese from India; plumbago from Ceylon; hides from India, Africa and Australia, and so forth. It has been stated that the result of the war may ultimately depend largely on financial strength. In that case the country which is to the greatest extent self‐supporting as regards supplies of the necessaries of life and materials for the manufacture of munitions of war will be in a position to carry on the longest. Undoubtedly the British Empire contains within itself the power to produce all such materials, and the Dominions, Colonies and Dependencies are in fact already supplying a large proportion of the food products and raw materials for industries, which are imported into the United Kingdom. There are a few notable exceptions, e.g., for our supplies of cotton and sugar we have always been largely dependent on foreign countries, but Uganda and the Soudan are capable of producing in the future very large quantities of cotton of the quality required by Lancashire spinners, and sugar production in our Colonies could, with proper encouragement, be expanded so as to meet the whole of the requirements of the Mother Country. If the British capital and energy which have in the past gone every year to the development of enterprises in foreign countries had been devoted for a tew years exclusively to exploiting the resources of the Dominions and Colonies, the British Empire would, by this time, have become practically self‐supporting, and the bulk of our imported foodstuffs and raw products required for our manufacturing industries would now be obtained from within the Empire and paid for by increased quantities of our own manufactures. It may be hoped that one of the lessons which we shall learn from the war will be definitely to encourage the development of the vast resources of our overseas Empire. — The Chamber of Commerce Journal.
A highly significant action taken by the Minister of Agriculture, Fisheries and Food, reported elsewhere in this issue, could well result in important advances in surveillance and probably legislative control over enforcement of certain aspects of EEC legislation in the Member‐states. The Minister has sent an urgent request to the Commission in Brussels to dispatch inspectors to each country, including the United Kingdom, to examine and report on the standards of inspection and hygiene with detailed information on how the EEC Directive on Poultry Meat is being implemented. Information of the method of financing the cost of poultrymeat inspection in each country has ben requested. The comprehensive survey is seen as a common approach in this one field. The Minister requested that the results of the inspectors' reports should be available to him and other Member‐states.