Hi folks,

One of the discussion points at IETF 116 for the cross-device security BCP was finding a collective name for the exploits of the cross-device flows we were seeing. We got several suggestions since then (see list below).

We are thinking of adopting the term "Cross-Device Consent Phishing (CDCP)" given that it describes the scope of the attacks (cross-device), the purpose of the attacks (obtaining user consent), and the technique (phishing, and other social engineering techniques). Does this feel like a good descriptive name to adopt?

The list of names that was suggested over the last few months:

1. Cross-Device Consent Phishing
2. Illicit Consent Grant Attack
3. Attacker-in-the-Middle Attack
4. Authorization Context Manipulation Attack
5. Authorization Context Manipulation Exploit
6. "Cross-Device Authorization Exploit"
7. "Social Engineering Token Theft"
8. "Authorization Flow Manipulation Exploit"
9. Context Manipulation Authorization Exploit
10. Zishing
11. Azishing
12. FlowJack
13. AuthJack
14. TokenJack
15. Permitphishing
16. Authishing

Cheers

Pieter
