I'm a +1 for the name On Thu, Jun 15, 2023 at 11:04 AM Aaron Parecki <aaron= [email protected]> wrote:
> I like it, it's definitely the best out of the list. > > Aaron > > On Thu, Jun 15, 2023 at 7:57 AM Pieter Kasselman <pieter.kasselman= > [email protected]> wrote: > >> Hi folks, one of the discussion points at IETF 116 for the cross-device >> security BCP was finding a collective name for the exploits of the cross >> device flows we were seeing. We got several suggestions since then (see >> list below). >> >> >> >> We are thinking of adopting the term “Cross-Device Consent Phishing >> (CDCP)” given that it describes the scope of the attacks (cross-device), >> the purpose of the attacks (obtaining user consent), and the technique >> (phishing, and other social engineering techniques). >> >> >> >> Does this feel like a good descriptive name to adopt? >> >> >> >> The list of names that was suggested over the last few months: >> >> >> >> 1. Cross-Device Consent Phishing >> 2. Illicit Consent Grant Attack >> 3. Attacker-in-the-Middle Attack >> 4. Authorization Context Manipulation Attack >> 5. Authorization Context Manipulation Exploit >> 6. "Cross-Device Authorization Exploit" >> 7. "Social Engineering Token Theft" >> 8. "Authorization Flow Manipulation Exploit" >> 9. Context Manipulation Authorization Exploit >> 10. Zishing >> 11. Azishing >> 12. FlowJack >> 13. AuthJack >> 14. TokenJack >> 15. Permitphishing, >> 16. Authishing >> >> >> >> Cheers >> >> >> >> Pieter >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> <https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/oauth__;!!FrPt2g6CO4Wadw!MiVGjrrSZVrFfqf5H3kVV6POC4gNvh4iM5j_St4tWh0T_-9MQOlgEBWH6kUuh1RtUeBGH_FynAidy_YXHRrQoFVGgaI2Y3MQ738ijjY$> >> > _______________________________________________ > OAuth mailing list > [email protected] > > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/oauth__;!!FrPt2g6CO4Wadw!MiVGjrrSZVrFfqf5H3kVV6POC4gNvh4iM5j_St4tWh0T_-9MQOlgEBWH6kUuh1RtUeBGH_FynAidy_YXHRrQoFVGgaI2Y3MQ738ijjY$ > ______________________________________________________________________ The information contained in this e-mail is confidential and/or proprietary to Capital One and/or its affiliates and may only be used solely in performance of work or services for Capital One. The information transmitted herewith is intended only for use by the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, you are hereby notified that any review, retransmission, dissemination, distribution, copying or other use of, or taking of any action in reliance upon this information is strictly prohibited. If you have received this communication in error, please contact the sender and delete the material from your computer.
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
