Analysing the Security of Google's implementation of OpenID Connect

Many millions of users routinely use their Google accounts to log in to relying party (RP) websites supporting the Google OpenID Connect service. OpenID Connect, a newly standardised single-sign-on protocol, builds an identity layer on top of the OAuth 2.0 protocol, which has itself been widely adopted to support identity management services. It adds identity management functionality to the OAuth 2.0 system and allows an RP to obtain assurances regarding the authenticity of an end user. A number of authors have analysed the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in practice remains an open question. We report on a large-scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites which support its use for sign-in. Our study reveals serious vulnerabilities of a number of types, all of which allow an attacker to log in to an RP website as a victim user. Further examination suggests that these vulnerabilities are caused by a combination of Google's design of its OpenID Connect service and RP developers making design decisions which sacrifice security for simplicity of implementation. We also give practical recommendations for both RPs and OPs to help improve the security of real world OpenID Connect systems

Permeability of blood-tear barrier to fluorescein and albumin after application of platelet-activating factor to the eye of the guinea pig

One of the inflammatory responses of the eye to local application of platelet-activating factor (PAF) is oedema of the conjunctiva, caused by extravasation of plasma. Aim of the study was to investigate if fluorescein would leak from the blood into the tears together with plasma protein after application of PAF to the eye. Fluorescein was given intraperitoneally 30 min prior to application of 25 μl of 0.1% solution of PAF. Thirty min after PAF the tear film was collected by washing the surface of the eye with 25 μl of phosphate buffered saline (PBS). Fluorescein in eye washings and in plasma was measured by fluorophotometry and albumin by immunodiffusion. Both fluorescein and albumin appeared in a related fashion in tears, being absent in washings of placebo-treated control eyes. Extravasation of fluorescein can be used as a measure for plasma leakage in the conjunctiva with the advantage over the Evans Blue method that the former is a non-invasive method

On shifting ground

This research paper explores some of the transition/tension between the past and the present (old and the new) in the current socio/political transformation. Through the trajectory of my own Norwegian background, I will investigate the use of heritage and ‘soft’ nationalism within formation of national identity, and look at some artists’ response to the current political discourse, through both their art making or writing. By investigating two distinctive symbols of national heritage, the bunad and Borre National Park, I hope to shine light on the complicated balancing act of the dichotomy between inclusion and exclusion when embracing national identity through a common history. The bunad is an increasingly popular, semi-invented national costume, and Borre is the largest burial site from the Viking era in Scandinavia. Furthermore, I will also explore social anthropological thinking around Eric Hobsnawn’s concept of ‘the invention of tradition’. The paper will look at the significance of the landscape and geographical identity, as well as the symbioses between place and the concept of the nation state. Inserted into this, I will discuss some of the outcomes from the intense changeover from analogue technologies to the digital—generating new practices working across the mediums of photography, film/video and the digital. The hybrid medium specificity of the still-motion is of particular interest to my art practice. This video-formatted offspring of the slideshow allows for an expansion of the photographic medium, by viewing it through a cinematic frame, and in the process generating new narrative opportunities and registration of time. Finally, all the concerns articulated in this research will inform my final artwork exhibited in the SCA Postgraduate Degree show in December 2014; a two-piece video installation entitled On Shifting Ground

Effects of switching to PI monotherapy on measures of lipoatrophy: meta-analysis of six randomized HIV clinical trials

Background: Switching from triple combination treatment to protease inhibitor (PI) monotherapy may prevent or reverse adverse events related to long-term nucleoside analogues. Lipoatrophy is associated with long-term use of thymidine analogues (zidovudine and stavudine). Methods: A detailed MEDLINE search was conducted to identify randomised clinical trials of triple combination treatment versus PI monotherapy. Summary results from analysis of changes in body composition (DEXA analysis) were collected: the mean change in limb fat and trunk fat to Week 48 or 96, and the percentage of patients with lipoatrophy (20% reduction from baseline in limb fat) or lipohypertrophy (20% rise from baseline in trunk fat). Results: Six randomised trials of PI monotherapy versus triple therapy with data on body composition changes, measured by DEXA scanning at baseline and Week 48 or 96, were identified: Abbott-613 (LPV/r vs ZDV/3TC/EFV, induction-maintenance trial, n=105), Monark (LPV/r vs ZDV/3TC/LPV/r, first-line trial, n=63), Kalesolo (LPV/r vs LPV/r +2NRTIs, switch trial, n=42), MONOI (DRV/r vs DRV/r + 2NRTIs, switch trial, n=156), MONARCH (DRV/r vs DRV/r + 2NRTIs, switch trial, n=30) and KRETA (LPV/r vs LPV/r + ABC/3TC, switch trial, n=74). In the meta-analysis, there were greater rises in limb fat in the PI monotherapy arms than the triple therapy arms (mean difference =277g, 95% CI=+36 to+517g, p=0.024). The percentage of patients with lipoatrophy was significantly lower in the PI monotherapy arms (4%) than the triple therapy arms (20%), (p=0.0005). There was no difference between PI monotherapy and triple therapy for mean change in trunk fat (mean difference=−73g, 95% CI = −621 to +475g, p=ns). There was also no significant difference in the risk of lipohypertrophy between the PI monotherapy arms (32%) and the triple therapy arms (27%) (p=ns). In each of the four analyses, there was no evidence for heterogeneity of treatment effects between the trials (Cochran's Q tests, p=ns for each comparison). Conclusions: In this meta-analysis, the risk of lipoatrophy was significantly lower for patients taking PI monotherapy, compared to triple therapy. There was no significant difference between the arms for lipohypertrophy. However, several of the trials included zidovudine in the control arm, which carries a higher risk of lipoatrophy than tenofovir and abacavir, which are now more widely used

Forced Imbibition - a Tool for Determining Laplace Pressure, Drag Force and Slip Length in Capillary Filling Experiments

When a very thin capillary is inserted into a liquid, the liquid is sucked into it: this imbibition process is controlled by a balance of capillary and drag forces, which are hard to quantify experimentally, in particularly considering flow on the nanoscale. By computer experiments using a generic coarse-grained model, it is shown that an analysis of imbibition forced by a controllable external pressure quantifies relevant physical parameter such as the Laplace pressure, Darcy's permeability, effective pore radius, effective viscosity, dynamic contact angle and slip length of the fluid flowing into the pore. In determining all these parameters independently, the consistency of our analysis of such forced imbibition processes is demonstrated.Comment: 4 pages, 5 figure