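    Apple Launches New Sign-In Feature; Users May Face Greater Risks

    Alyssa Newcomb, July 4, 2019

    Experts believe OpenID has heightened people's concerns about potential security risks.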

    Chinese translation for Fortune China (財富中文網) by: Charlie

    Reviewed by: Xia Lin (夏林)

    Apple’s new sign-in feature, which allows people to use an Apple ID to sign in to websites and apps, has critical privacy and security gaps that must be fixed, according to an industry group.

    The OpenID Foundation, a nonprofit with members including Google, PayPal, and Microsoft, runs OpenID Connect, an industry standard for authenticating a person’s identity across multiple websites, without requiring them to use different passwords.

    Sign in with Apple has some similarities with OpenID Connect, according to the group, but it’s not entirely in line with the industry standard. That’s a problem that could expose people to “greater security and privacy risks,” according to a letter the OpenID Foundation sent to Craig Federighi, Apple’s senior vice president of engineering.

    “The current set of differences between OpenID Connect and Sign in with Apple reduces the places where users can use Sign in with Apple, and exposes them to greater security and privacy risks,” Nat Sakimura, chairman of the OpenID Foundation, wrote in the letter.

    Sakimura says the single sign-in feature, which has yet to be rolled out, also puts an “unnecessary burden” on developers, who must work with the OpenID Connect standard and navigate the differences in Apple’s sign-in feature.

    The OpenID Foundation asks that Apple join the group and become compliant with the industry protocol. A document tracking differences between those protocols and Apple’s product details a list of necessary coding changes to “address the gaps.”

    Francis Gaffney, director of threat intelligence at cybersecurity company Mimecast, says OpenID raises valid concerns about potential security risks.

    “Given the increased scrutiny by threat actors on potential vulnerabilities, it would only be a matter of time before one of these ‘differences’ is discovered and exploited,” Gaffney says.

    Apple did not immediately respond to a request for comment. The company is touting Sign in with Apple as a way for privacy-minded people to log into their favorite websites. Apple says it won’t share unnecessary data with app developers.

    Sign in with Apple hasn’t been publicly released; however, anyone with an iPhone should expect to see it as an option in their favorite apps, since Apple requires developers who offer other single sign-on options, such as through a Facebook or Google account, to also promote Apple’s sign-in as an option.
