Hi. Was just wondering whether changing the google password after sharing it would be an easy way out of the situation. Regards.
* Original message * From: [email protected] Sent: 10:26:44pm 17-09-2009 To: [email protected] Subject: Re: [silk] Kiran Karthikeyan has invited you to Dropbox On Thu, Sep 17, 2009 at 9:29 AM, Kiran K Karthikeyan <[email protected]> wrote: > 2009/9/17 Thaths <[email protected]> >> Actually, you do. See my earlier comment in this thread about OAuth. >> Never give a third party website your gmail password. Instead, >> authorize gmail to share your contacts (NOT password) with the third >> party website using the OAuth mechanism. > So instead of trusting my antivirus software which says that the site is > secure and will not try to steal my data, I trust OAuth. I've heard about > it, but never used it. The advantage with OAuth is that you do not give the third party website your credentials. You just authorize gmail to share limited data with the third party website. And you can always revoke this authorization at any time. > I just had a look at the site and right there on the home page is this: "An > OAuth security issue has been > identified<http://blog.oauth.net/2009/04/22/acknowledgement-of-the-oauth-security-issue/>and > addressed in version 1.0a > of the OAuth Core protocol <http://oauth.net/core/1.0a>. For a description > of the problem, please refer to the > advisory<http://oauth.net/advisories/2009-1>, > issued on April 23, 2009." Kiran, please spare me these knee jerk justifications. Nobody is claiming that there is a fully exploit-free piece of software out there. We are talking about minimizing exposure (by not sharing your password directly with a third party website). I am not even going to expend the effort in explaining why your exposure is less even with that OAuth exploit than simply typing your password into a third party website's text box. I think it is best that I end my involvement in this thread here by saying that you and I appear to have different tolerances to what we share and with whom. Let us agree to disagree on who and what we trust and move on. Have a good day. Thaths -- Homer: Look at these low, low prices on famous brand-name electronics! Bart: Don't be a sap, Dad. These are just crappy knockoffs. Homer: Pfft. I know a genuine Panaphonics when I see it. And look, there's a Magnetbox and Sorny.
