Analysing the Security of Google's implementation of OpenID Connect

Many millions of users routinely use their Google accounts to log in to relying party (RP) websites supporting the Google OpenID Connect service. OpenID Connect, a newly standardised single-sign-on protocol, builds an identity layer on top of the OAuth 2.0 protocol, which has itself been widely adopted to support identity management services. It adds identity management functionality to the OAuth 2.0 system and allows an RP to obtain assurances regarding the authenticity of an end user. A number of authors have analysed the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in practice remains an open question. We report on a large-scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites which support its use for sign-in. Our study reveals serious vulnerabilities of a number of types, all of which allow an attacker to log in to an RP website as a victim user. Further examination suggests that these vulnerabilities are caused by a combination of Google's design of its OpenID Connect service and RP developers making design decisions which sacrifice security for simplicity of implementation. We also give practical recommendations for both RPs and OPs to help improve the security of real world OpenID Connect systems

Dephasing in Metals by Two-Level Systems in the 2-Channel-Kondo Regime

We point out a novel, non-universal contribution to the dephasing rate 1/\tau_\phi \equiv \gamma_\phi of conduction electrons in metallic systems: scattering off non-magnetic two-level systems (TLSs) having almost degenerate Kondo ground states. In the regime \Delta_{ren} < T < T_K (\Delta_{ren} = renormalized level splitting, T_K = Kondo temperature), such TLSs exhibit non-Fermi-liquid physics that can cause \gamma_\phi, which generally decreases with decreasing T, to seemingly saturate in a limited temperature range before vanishing for T \to 0. This could explain the saturation of dephasing recently observed in gold wires [Mohanty et al. Phys. Rev. Lett. 78, 3366 (1997)].Comment: Final published version, including minor improvements suggested by referees. 4 pages, Revtex, 1 figur

A cross-sectional study of psychological complaints and quality of life in severely injured patients

Purpose: The purpose of this study was to examine the incidence of psychological complaints and the relationship of these complaints with the quality of life (QOL) and accident- and patient-related factors among severely injured patients after the rehabilitation phase. Methods: Patients of 18 years or older with an injury severity score above 15 were included 15-53 months after their accident. Accident and patient characteristics were obtained from questionnaires and the trauma registry. Several questionnaires (Hospital Anxiety and Depression Scale, Impact of Events Scale, and Cognitive Failure Questionnaire) were used to determine the symptoms of psychological problems (anxiety or depression, post-traumatic stress disorder, or subjective cognitive complaints, respectively). The World Health Organization Quality of Life-Bref was used to determine QOL. A reference group of the Dutch general population was used for comparison of QOL scores. Results: The participation rate was 62 % (n = 173). At the time of the study, 30.1 % (n = 52) of the investigated patients had psychological complaints. No relation between psychological complaints and somatic severity or type of injury was found. Patients who were employed before the accident or resumed working reported less psychological complaints. Use of any medication before the accident and treatment for pre-accidental psychological problems were positively related to psychological complaints afterwards. QOL of severely injured patients was impaired in comparison with the general Dutch population, but only for those with psychological complaints. Conclusions: Psychological complaints seem to be an important and underestimated factor for a decreased QOL among severely injured patients

Quality of life in severely injured patients depends on psychosocial factors rather than on severity or type of injury

Background: Former studies have demonstrated that health-related quality of life is decreased in severely injured patients. However, in those studies patients were asked about their functioning and not about their (dis)contentment concerning their functioning. Little is known about how severely injured patients experience their quality of life (QOL). The objective of this cross-sectional study was to measure this subjective QOL of severely injured patients after their rehabilitation phase and to examine which accident- and patient-related factors affect the QOL of these patients. Methods: Patients of 18 years or older with an injury severity score (ISS) above 15 were included 15-53 months after their accident. Comorbidity before the accident, accident and sociodemographic characteristics, and QOL were obtained from the trauma registry and questionnaires. The WHOQOL-BREF was used to measure QOL. A reference group of the Dutch general population was used for comparison. Results: The participation rate was 61% (n = 173). Compared with the reference data, severely injured patients experienced a significantly worse QOL in all domains except social relations. The QOL scores were significantly decreased in all domains for patients with intracranial injury in combination with other injuries. Patients with a severe intracranial injury (AIS > 3) only reported significantly impaired QOL in the general and physical domains. Patients who resumed working or lived with others had significantly higher scores in all domains of QOL than patients who did not work anymore or were living alone. Significantly lower QOL scores were obtained from patients with comorbidity before the accident and from patients with longer durations of intensive care unit (ICU) treatment or hospitalisation. Gender, accident characteristics and time since the accident did not appear to be important for experienced QOL. Conclusions: The experience of impaired QOL appears to depend on living alone, inability to return to work and pre-accidental comorbidity rather than on the injured body area or the severity of the injury. Duration of hospital or ICU stay is important to subsequent QOL, even if ISS or body region is not