72 research outputs found
Recommended from our members
Your Code Is My Code: Exploiting a Common Weakness in OAuth 2.0 Implementations
Many millions of users routinely use their Google, Facebook and Microsoft accounts to log in to websites supporting OAuth 2.0-based single sign on. The security of OAuth 2.0 is therefore of critical importance, and it has been widely examined both in theory and in practice. In this paper we disclose a new class of practical attacks on OAuth 2.0 implementations, which we call Partial Redirection URI Manipulation Attacks. An attack of this type can be used by an attacker to gain a victim user's OAuth 2.0 code (a token representing a right to access user data) without the user's knowledge; this code can then be used to impersonate the user to the relevant relying party website. We examined 27 leading OAuth 2.0 identity providers, and found that 19 of them are vulnerable to these attacks.
Analysing the Security of Google's implementation of OpenID Connect
Many millions of users routinely use their Google accounts to log in to relying party (RP) websites supporting the Google OpenID Connect service. OpenID Connect, a newly standardised single-sign-on protocol, builds an identity layer on top of the OAuth 2.0 protocol, which has itself been widely adopted to support identity management services. It adds identity management functionality to the OAuth 2.0 system and allows an RP to obtain assurances regarding the authenticity of an end user. A number of authors have analysed the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in practice remains an open question. We report on a large-scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites which support its use for sign-in. Our study reveals serious vulnerabilities of a number of types, all of which allow an attacker to log in to an RP website as a victim user. Further examination suggests that these vulnerabilities are caused by a combination of Google's design of its OpenID Connect service and RP developers making design decisions which sacrifice security for simplicity of implementation. We also give practical recommendations for both RPs and OPs to help improve the security of real world OpenID Connect systems.
C-Reactive Protein Gene Variants Are Associated with Postoperative C-reactive Protein Levels After Coronary Artery Bypass Surgery
Background: Elevated baseline C-reactive protein (CRP) levels are associated with increased risk for developing cardiovascular disease. Several CRP gene variants have been associated with altered baseline CRP levels in ambulatory populations. However, the influence of CRP gene variants on CRP levels during inflammatory states, such as surgery, is largely unexplored. We describe the association between candidate CRP gene variants and postoperative plasma CRP levels in patients undergoing primary, elective coronary artery bypass graft (CABG) surgery with cardiopulmonary bypass (CPB). Methods: Using a multicenter candidate gene association study design, we examined the association between seventeen candidate CRP single nucleotide polymorphisms (SNPs) and inferred haplotypes, and altered postoperative CRP levels in 604 patients undergoing CABG surgery with CPB. Perioperative CRP levels were measured immediately prior to surgery, post-CPB and on postoperative days (POD) 1–4. Results: CRP levels were significantly elevated at all postoperative time points when compared with preoperative levels (P < 0.0001). After adjusting for clinical covariates, the minor allele of the synonymous coding SNP, rs1800947 was associated with lower peak postoperative CRP levels () and lower CRP levels across all postoperative time points (). rs1800947 remained highly significant after Bonferroni adjustment for multiple comparisons. Conclusion: We identified a CRP gene SNP associated with lower postoperative CRP levels in patients undergoing CABG surgery with CPB. Further investigation is needed to clarify the significance of this association between CRP gene variants and the acute-phase rise in postoperative CRP levels with regard to the risk of adverse postoperative outcomes.
Monosomal Karyotype at the Time of Diagnosis or Transplantation Predicts Outcomes of Allogeneic Hematopoietic Cell Transplantation in Myelodysplastic Syndrome
Various cytogenetic risk scoring systems may determine prognosis for patients with myelodysplastic syndromes (MDS). We evaluated 4 different risk scoring systems in predicting outcome after allogeneic hematopoietic cell transplantation (alloHCT). We classified 124 patients with MDS using the International Prognostic Scoring System (IPSS), the revised International Prognostic Scoring System (R-IPSS), Armand's transplantation-specific cytogenetic grouping, and monosomal karyotype (MK) both at the time of diagnosis and at alloHCT. After adjusting for other important factors, MK at diagnosis (compared with no MK) was associated with poor 3-year disease-free survival (DFS) (27% [95% confidence interval, 12% to 42%] versus 39% [95% confidence interval, 28% to 50%], P = .02) and overall survival (OS) (29% [95% confidence interval, 14% to 44%] versus 47% [95% confidence interval, 36% to 59%], P = .02). OS but not DFS was affected by MK at alloHCT. MK frequency was uncommon in low-score R-IPSS and IPSS. Although IPSS and R-IPSS discriminated good/very good groups from poor/very poor groups, patients with intermediate-risk scores had the worst outcomes and, therefore, these scores did not show a progressive linear discriminating trend. Cytogenetic risk score change between diagnosis and alloHCT was uncommon and did not influence OS. MK cytogenetics in MDS are associated with poor survival, suggesting the need for alternative or intensified approaches to their treatment.
Joint analysis of left ventricular expression and circulating plasma levels of Omentin after myocardial ischemia
BACKGROUND: Omentin-1, also known as Intelectin-1 (ITLN1), is an adipokine with plasma levels associated with diabetes, obesity, and coronary artery disease. Recent studies suggest that ITLN1 can mitigate myocardial ischemic injury but the expression of ITLN1 in the heart itself has not been well characterized. The purpose of this study is to discern the relationship between the expression pattern of ITLN1 RNA in the human heart and the level of circulating ITLN1 protein in plasma from the same patients following myocardial ischemia.
METHODS: A large cohort of patients (n = 140) undergoing elective cardiac surgery for aortic valve replacement were enrolled in this study. Plasma and left ventricular biopsy samples were taken at the beginning of cardiopulmonary bypass and after an average of 82 min of ischemic cross clamp time. The localization of ITLN1 in epicardial adipose tissue (EAT) was also further characterized with immunoassays and cell fate transition studies.
RESULTS: mRNA expression of ITLN1 decreases in left ventricular tissue after acute ischemia in human patients (mean difference 280.48, p = 0.001) whereas plasma protein levels of ITLN1 increase (mean difference 5.24, p < 0.001). Immunohistochemistry localized ITLN1 to the mesothelium or visceral pericardium of EAT. Epithelial to mesenchymal transition in mesothelial cells leads to a downregulation of ITLN1 expression.
CONCLUSIONS: Myocardial injury leads to a decrease in ITLN1 expression in the heart and a corresponding increase in plasma levels. These changes may in part be due to an epithelial to mesenchymal transition of the cells that express ITLN1 following ischemia. Trial Registration Clinicaltrials.gov ID: NCT00985049
Circulating Angiogenic Factors Associated with Response and Survival in Patients with Acute Graft-versus-Host Disease: Results from Blood and Marrow Transplant Clinical Trials Network 0302 and 0802
Circulating angiogenic factors (AF) reflect tissue healing capacity, although some AF can also contribute to inflammation and are indicative of endothelial dysfunction. The AF milieu in acute graft-versus-host disease (aGVHD) has not been broadly characterized. We hypothesized that patients with abundant AF involved in repair/regeneration versus those mediating damage/inflammation would have improved outcomes. Circulating AF known predominantly for repair/regeneration (epidermal growth factor [EGF], fibroblast growth factor-1 and -2, heparin binding–EGF–like growth factor, and vascular endothelial growth factor-A [VEGF-A], -C, and -D) and for damage/inflammation (angiopoietin-2, endothelin-1, soluble endoglin [sEng], follistatin [FS], leptin, and placental growth factor [PlGF]) were measured in a discovery set of hematopoietic cell recipients with grade III and IV aGVHD and compared with controls, then validated in 2 aGVHD cohorts enrolled in Blood and Marrow Transplant Clinical Trials Network (BMT CTN) trials 0302 (n = 105, serum) and 0802 (n = 158, plasma) versus controls without aGVHD (n = 53, serum). Levels of EGF and VEGF-A were lower than in controls at the onset of aGVHD in both trials and higher with complete response to first-line aGVHD therapy in CTN 0802. FS and PlGF were elevated in aGVHD measured in either serum or plasma. At day 28 after initial aGVHD therapy, elevated FS was an independent negative prognostic factor for survival in both cohorts (hazard ratio, 9.3 in CTN 0302; 2.8 in CTN 0802). These data suggest that circulating AF are associated with clinical outcomes after aGVHD and, thus, may contribute to both pathogenesis and recovery.