You Logged Into My Account

Presented at DEF CON China Beta (2018), May 11, 2018, 1 p.m. (60 minutes)

This talk describes several ways of inducing victims to log into an attacker's account on the Internet, which can lead to a number of vulnerabilities and attack scenarios. It also covers how to fix the problem. This kind of security risk is often overlooked, yet it can be an important aid in exploiting other vulnerabilities, including by combining low-risk vulnerabilities or features such as CSRF, self-XSS, OAuth, and SSO to steal login credentials, bind third-party backdoor accounts, steal private data, access others' resources, conduct phishing attacks, and fraudulently use identities.


Presenters:

  • Daizibukaikou
    Network ID: Daizibukaikou. He is skilled in web security and has worked on information security at Internet companies such as Sina, Nokia, Meituan, and Xiaomi. He currently works for Antfin as a security expert and is responsible for system and network security.
