155 research outputs found

    Security Issues in OAuth 2.0 SSO Implementations

    Abstract. Many Chinese websites (relying parties) use OAuth 2.0 as the basis of a single sign-on service to ease password management for users. Many sites support five or more different OAuth 2.0 identity providers, giving users choice in their trust point. However, although OAuth 2.0 has been widely implemented (particularly in China), little attention has been paid to security in practice. In this paper we report on a detailed study of OAuth 2.0 implementation security for ten major identity providers and 60 relying parties, all based in China. This study reveals two critical vulnerabilities present in many implementations, both allowing an attacker to control a victim user’s accounts at a relying party without knowing the user’s account name or password. We provide simple, practical recommendations for identity providers and relying parties to enable them to mitigate these vulnerabilities. The vulnerabilities have been reported to the parties concerned.

    Sextupole correction magnets for the Large Hadron Collider

    About 2500 superconducting sextupole corrector magnets (MCS) are needed for the Large Hadron Collider (LHC) at CERN to compensate persistent current sextupole fields of the main dipoles. The MCS is a cold bore magnet with iron yoke. The coils are made from a NbTi conductor, which is cooled to 1.9 K. In the original CERN design 6 individual sub-coils, made from a monolithic composite conductor, are assembled and spliced together to form the sextupole. The coils are individually wound around precision-machined central islands and stabilized with matching saddle pieces at both ends. The Advanced Magnet Lab, Inc. (AML) has produced an alternative design, which gives improved performance and reliability at reduced manufacturing cost. In the AML design, the magnet consists of three splice-free sub-coils, which are placed with an automated winding process into pockets of prefabricated G-11 support cylinders. Any assembly process of sub-coils with potential misalignment is eliminated. The AML magnet uses a Kapton-wrapped mini-cable, which allows helium penetration into the vicinity of the conductor, increasing its cryogenic stability. Eliminating all internal splices from the magnet significantly reduces heat loads and the risk of magnet failure during operation. A tested prototype reached the critical current limit of the conductor in the first quench. (3 refs)

    Use of specific Green's functions for solving direct problems involving a heterogeneous rigid frame porous medium slab solicited by acoustic waves

    A domain integral method employing a specific Green's function (i.e., incorporating some features of the global problem of wave propagation in an inhomogeneous medium) is developed for solving direct and inverse scattering problems relative to slab-like macroscopically inhomogeneous porous obstacles. It is shown how to numerically solve such problems, involving both spatially-varying density and compressibility, by means of an iterative scheme initialized with a Born approximation. A numerical solution is obtained for a canonical problem involving a two-layer slab. Comment: submitted to Math.Meth.Appl.Sc

    Safety and immunogenicity of a chimpanzee adenovirus-vectored Ebola vaccine in healthy adults: a randomised, double-blind, placebo-controlled, dose-finding, phase 1/2a study.

    BACKGROUND: The ongoing Ebola outbreak led to accelerated efforts to test vaccine candidates. On the basis of a request by WHO, we aimed to assess the safety and immunogenicity of the monovalent, recombinant, chimpanzee adenovirus type-3 vector-based Ebola Zaire vaccine (ChAd3-EBO-Z). METHODS: We did this randomised, double-blind, placebo-controlled, dose-finding, phase 1/2a trial at the Centre Hospitalier Universitaire Vaudois, Lausanne, Switzerland. Participants (aged 18-65 years) were randomly assigned (2:2:1), via two computer-generated randomisation lists for individuals potentially deployed in endemic areas and those not deployed, to receive a single intramuscular dose of high-dose vaccine (5 × 10^10 viral particles), low-dose vaccine (2·5 × 10^10 viral particles), or placebo. Deployed participants were allocated to only the vaccine groups. Group allocation was concealed from non-deployed participants, investigators, and outcome assessors. The safety evaluation was not masked for potentially deployed participants, who were therefore not included in the safety analysis for comparison between the vaccine doses and placebo, but were pooled with the non-deployed group to compare immunogenicity. The main objectives were safety and immunogenicity of ChAd3-EBO-Z. We did analysis by intention to treat. This trial is registered with ClinicalTrials.gov, number NCT02289027. FINDINGS: Between Oct 24, 2014, and June 22, 2015, we randomly assigned 120 participants, of whom 18 (15%) were potentially deployed and 102 (85%) were non-deployed, to receive high-dose vaccine (n=49), low-dose vaccine (n=51), or placebo (n=20). Participants were followed up for 6 months. No vaccine-related serious adverse events were reported. We recorded local adverse events in 30 (75%) of 40 participants in the high-dose group, 33 (79%) of 42 participants in the low-dose group, and five (25%) of 20 participants in the placebo group. 
Fatigue or malaise was the most common systemic adverse event, reported in 25 (62%) participants in the high-dose group, 25 (60%) participants in the low-dose group, and five (25%) participants in the placebo group, followed by headache, reported in 23 (57%), 25 (60%), and three (15%) participants, respectively. Fever occurred 24 h after injection in 12 (30%) participants in the high-dose group and 11 (26%) participants in the low-dose group versus one (5%) participant in the placebo group. Geometric mean concentrations of IgG antibodies against Ebola glycoprotein peaked on day 28 at 51 μg/mL (95% CI 41·1-63·3) in the high-dose group, 44·9 μg/mL (25·8-56·3) in the low-dose group, and 5·2 μg/mL (3·5-7·6) in the placebo group, with respective response rates of 96% (95% CI 85·7-99·5), 96% (86·5-99·5), and 5% (0·1-24·9). Geometric mean concentrations decreased by day 180 to 25·5 μg/mL (95% CI 20·6-31·5) in the high-dose group, 22·1 μg/mL (19·3-28·6) in the low-dose group, and 3·2 μg/mL (2·4-4·9) in the placebo group. 28 (57%) participants given high-dose vaccine and 31 (61%) participants given low-dose vaccine developed glycoprotein-specific CD4 cell responses, and 33 (67%) and 35 (69%), respectively, developed CD8 responses. INTERPRETATION: ChAd3-EBO-Z was safe and well tolerated, although mild to moderate systemic adverse events were common. A single dose was immunogenic in almost all vaccine recipients. Antibody responses were still significantly present at 6 months. There was no significant difference between doses for safety and immunogenicity outcomes. This acceptable safety profile provides a reliable basis to proceed with phase 2 and phase 3 efficacy trials in Africa. FUNDING: Swiss State Secretariat for Education, Research and Innovation (SERI), through the EU Horizon 2020 Research and Innovation Programme

    Assessment of resolution and intercenter reproducibility of results of genotyping Staphylococcus aureus by pulsed-field gel electrophoresis of SmaI macrorestriction fragments: a multicenter study

    Twenty well-characterized isolates of methicillin-resistant Staphylococcus aureus were used to study the optimal resolution and interlaboratory reproducibility of pulsed-field gel electrophoresis (PFGE) of DNA macrorestriction fragments. Five identical isolates (one PFGE type), 5 isolates that produced related PFGE subtypes, and 10 isolates with unique PFGE patterns were analyzed blindly in 12 different laboratories by in-house protocols. In several laboratories a standardized PFGE protocol with a commercial kit was applied successfully as well. Eight of the centers correctly identified the genetic homogeneity of the identical isolates by both the in-house and standard protocols. Four of 12 laboratories failed to produce interpretable data by the standardized protocol, due to technical problems (primarily plug preparation). With the five rel

    Expenditure Reform in Industrialised Countries: A Case Study Approach

    This study examines reforms of public expenditure in industrialised countries over the past two decades. We distinguish ambitious and timid reformers and analyse in detail reform experiences in eight case studies of ambitious reform episodes. We find that ambitious reform countries reduce spending on transfers, subsidies and public consumption while largely sparing education spending. Such expenditure retrenchment is also typically part of a comprehensive reform package that includes improvements in fiscal institutions as well as structural and other macroeconomic reforms. The study finds that ambitious expenditure retrenchment and reform coincides with large improvements in fiscal and economic growth indicators

    A monovalent chimpanzee adenovirus Ebola vaccine boosted with MVA

    BACKGROUND The West African outbreak of Ebola virus disease that peaked in 2014 has caused more than 11,000 deaths. The development of an effective Ebola vaccine is a priority for control of a future outbreak. METHODS In this phase 1 study, we administered a single dose of the chimpanzee adenovirus 3 (ChAd3) vaccine encoding the surface glycoprotein of Zaire ebolavirus (ZEBOV) to 60 healthy adult volunteers in Oxford, United Kingdom. The vaccine was administered in three dose levels — 1×10^10 viral particles, 2.5×10^10 viral particles, and 5×10^10 viral particles — with 20 participants in each group. We then assessed the effect of adding a booster dose of a modified vaccinia Ankara (MVA) strain, encoding the same Ebola virus glycoprotein, in 30 of the 60 participants and evaluated a reduced prime–boost interval in another 16 participants. We also compared antibody responses to inactivated whole Ebola virus virions and neutralizing antibody activity with those observed in phase 1 studies of a recombinant vesicular stomatitis virus–based vaccine expressing a ZEBOV glycoprotein (rVSV-ZEBOV) to determine relative potency and assess durability. RESULTS No safety concerns were identified at any of the dose levels studied. Four weeks after immunization with the ChAd3 vaccine, ZEBOV-specific antibody responses were similar to those induced by rVSV-ZEBOV vaccination, with a geometric mean titer of 752 and 921, respectively. ZEBOV neutralization activity was also similar with the two vaccines (geometric mean titer, 14.9 and 22.2, respectively). Boosting with the MVA vector increased virus-specific antibodies by a factor of 12 (geometric mean titer, 9007) and increased glycoprotein-specific CD8+ T cells by a factor of 5. Significant increases in neutralizing antibodies were seen after boosting in all 30 participants (geometric mean titer, 139; P<0.001). 
Virus-specific antibody responses in participants primed with ChAd3 remained positive 6 months after vaccination (geometric mean titer, 758) but were significantly higher in those who had received the MVA booster (geometric mean titer, 1750; P<0.001). CONCLUSIONS The ChAd3 vaccine boosted with MVA elicited B-cell and T-cell immune responses to ZEBOV that were superior to those induced by the ChAd3 vaccine alone. (Funded by the Wellcome Trust and others; ClinicalTrials.gov number, NCT02240875.