10,861 research outputs found
Analysing the Security of Google's implementation of OpenID Connect
Many millions of users routinely use their Google accounts to log in to
relying party (RP) websites supporting the Google OpenID Connect service.
OpenID Connect, a newly standardised single-sign-on protocol, builds an
identity layer on top of the OAuth 2.0 protocol, which has itself been widely
adopted to support identity management services. It adds identity management
functionality to the OAuth 2.0 system and allows an RP to obtain assurances
regarding the authenticity of an end user. A number of authors have analysed
the security of the OAuth 2.0 protocol, but whether OpenID Connect is secure in
practice remains an open question. We report on a large-scale practical study
of Google's implementation of OpenID Connect, involving forensic examination of
103 RP websites which support its use for sign-in. Our study reveals serious
vulnerabilities of a number of types, all of which allow an attacker to log in
to an RP website as a victim user. Further examination suggests that these
vulnerabilities are caused by a combination of Google's design of its OpenID
Connect service and RP developers making design decisions which sacrifice
security for simplicity of implementation. We also give practical
recommendations for both RPs and OPs to help improve the security of real world
OpenID Connect systems.
Are two interviews better than one? Eyewitness memory across repeated cognitive interviews
Eyewitnesses to a filmed event were interviewed twice using a Cognitive Interview to examine the effects of variations in delay between the repeated interviews (immediately & 2 days; immediately & 7 days; 7 & 9 days) and the identity of the interviewers (same or different across the two repeated interviews). Hypermnesia (an increase in total amount of information recalled in the repeated interview) occurred without any decrease in the overall accuracy. Reminiscence (the recall of new information in the repeated interview) was also found in all conditions but was least apparent in the longest delay condition, and came with little cost to the overall accuracy of information gathered. The number of errors increased across the interviews, but the relative accuracy of participants’ responses was unaffected. However, when accuracy was calculated based on all unique details provided across both interviews and compared to the accuracy of recall in just the first interview, it was found to be slightly lower. The identity of the interviewer (whether the same or different across interviews) had no effects on the number of correct details. There was an increase in recall of new details with little cost to the overall accuracy of information gathered. Importantly, these results suggest that witnesses are unlikely to report everything they remember during a single Cognitive Interview, however exhaustive, and a second opportunity to recall information about the events in question may provide investigators with additional information.
Orthographic facilitation in oral vocabulary acquisition
An experiment investigated whether exposure to orthography facilitates oral vocabulary learning. A total of 58 typically developing children aged 8-9 years were taught 12 nonwords. Children were trained to associate novel phonological forms with pictures of novel objects. Pictures were used as referents to represent novel word meanings. For half of the nonwords children were additionally exposed to orthography, although they were not alerted to its presence, nor were they instructed to use it. After this training phase a nonword-picture matching posttest was used to assess learning of nonword meaning, and a spelling posttest was used to assess learning of nonword orthography. Children showed robust learning for novel spelling patterns after incidental exposure to orthography. Further, we observed stronger learning for nonword-referent pairings trained with orthography. The degree of orthographic facilitation observed in posttests was related to children's reading levels, with more advanced readers showing more benefit from the presence of orthography
Regulation of seed germination in the close Arabidopsis relative Lepidium sativum: a global tissue-specific transcript analysis
The completion of germination in Lepidium sativum and other endospermic seeds (e.g. Arabidopsis [Arabidopsis thaliana]) is regulated by two opposing forces, the growth potential of the radicle (RAD) and the resistance to this growth from the micropylar endosperm cap (CAP) surrounding it. We show by puncture force measurement that the CAP progressively weakens during germination, and we have conducted a time-course transcript analysis of RAD and CAP tissues throughout this process. We have also used specific inhibitors to investigate the importance of transcription, translation, and posttranslation levels of regulation of endosperm weakening in isolated CAPs. Although the impact of inhibiting translation is greater, both transcription and translation are required for the completion of endosperm weakening in the whole seed population. The majority of genes expressed during this process occur in both tissues, but where they are uniquely expressed, or significantly differentially expressed between tissues, this relates to the functions of the RAD as growing tissue and the CAP as a regulator of germination through weakening. More detailed analysis showed that putative orthologs of cell wall-remodeling genes are expressed in a complex manner during CAP weakening, suggesting distinct roles in the RAD and CAP. Expression patterns are also consistent with the CAP being a receptor for environmental signals influencing germination. Inhibitors of the aspartic, serine, and cysteine proteases reduced the number of isolated CAPs in which weakening developed, and inhibition of the 26S proteasome resulted in its complete cessation. This indicates that targeted protein degradation is a major control point for endosperm weakening
A new estimation of the recent tropospheric molecular hydrogen budget using atmospheric observations and variational inversion
This paper presents an analysis of the recent tropospheric molecular hydrogen (H2) budget with a particular focus on soil uptake and European surface emissions. A variational inversion scheme is combined with observations from the RAMCES and EUROHYDROS atmospheric networks, which include continuous measurements performed between mid-2006 and mid-2009. Net H2 surface flux, then deposition velocity and surface emissions and finally, deposition velocity, biomass burning, anthropogenic and N2 fixation-related emissions were simultaneously inverted in several scenarios. These scenarios have focused on the sensibility of the soil uptake value to different spatio-temporal distributions. The range of variations of these diverse inversion sets generate an estimate of the uncertainty for each term of the H2 budget. The net H2 flux per region (High Northern Hemisphere, Tropics and High Southern Hemisphere) varies between −8 and +8 Tg yr−1. The best inversion in terms of fit to the observations combines updated prior surface emissions and a soil deposition velocity map that is based on bottom-up and top-down estimations. Our estimate of global H2 soil uptake is −59±9 Tg yr−1. Forty per cent of this uptake is located in the High Northern Hemisphere and 55% is located in the Tropics. In terms of surface emissions, seasonality is mainly driven by biomass burning emissions. The inferred European anthropogenic emissions are consistent with independent H2 emissions estimated using a H2/CO mass ratio of 0.034 and CO emissions within the range of their respective uncertainties. Additional constraints, such as isotopic measurements would be needed to infer a more robust partition of H2 sources and sinks
NLO automated tools for QCD and beyond
Theoretical predictions for scattering processes with multi-particle final
states at next-to-leading order (NLO) in perturbative QCD are essential to
fully exploit the physics potential of present and future high-energy
colliders. The status of NLO QCD calculations and tools is reviewed.
Comment: 13 pages, 2 tables, to appear in the proceedings of Linear Collider
2011 (Understanding QCD at linear colliders in searching for old and new
physics), 12-16 September 2011, ECT*, Trento, Italy; added reference
Indicators to Measure Violence Against Women
1. This paper is prepared for the UN Expert Group Meeting on indicators to measure violence against women. The Expert Group Meeting is intended to support the work of the Statistical Commission and the Commission on the Status of Women in developing ‘a set of possible indicators on violence against women in order to assist States in assessing the scope, prevalence and incidence of violence against women’.
2. The paper includes: (i) an overview of existing major initiatives on indicators to measure violence against women; (ii) an assessment of the advantages and disadvantages of those initiatives; (iii) proposes criteria for the identification of a possible set of indicators on violence against women; (iv) summarises options and provides recommendations for a possible set of indicators to support countries to measure the scope, prevalence and incidence of violence against women; and (v) addresses the related data collection requirements and constraints and opportunities for overcoming these
Continuous and randomized defensive forecasting: unified view
Defensive forecasting is a method of transforming laws of probability (stated
in game-theoretic terms as strategies for Sceptic) into forecasting algorithms.
There are two known varieties of defensive forecasting: "continuous", in which
Sceptic's moves are assumed to depend on the forecasts in a (semi)continuous
manner and which produces deterministic forecasts, and "randomized", in which
the dependence of Sceptic's moves on the forecasts is arbitrary and
Forecaster's moves are allowed to be randomized. This note shows that the
randomized variety can be obtained from the continuous variety by smearing
Sceptic's moves to make them continuous.
Comment: 10 pages. The new version: (1) relaxes the assumption that the
outcome space is finite, and now it is only assumed to be compact; (2) shows
that in the case where the outcome space is finite of cardinality C, the
randomized forecasts can be chosen concentrated on a finite set of
cardinality at most
Multi-Higgs boson production in the Standard Model and beyond
We present a calculation of the loop-induced processes gg -> HH and gg ->
HHH, and investigate the observability of multi-Higgs boson production at the
CERN Large Hadron Collider (LHC) in the Standard Model (SM) and beyond. While
the SM cross sections are too small to allow observation at the LHC, we
demonstrate that physics beyond the SM can lead to amplified, observable cross
sections. Furthermore, the applicability of the heavy top quark approximation
in two- and three-Higgs boson production is investigated. We conclude that
multi-Higgs boson production at the SuperLHC is an interesting probe of Higgs
sectors beyond the SM and warrants further study.
Comment: 17 pages, 17 figures
Healthcare choice: Discourses, perceptions, experiences and practices
Policy discourse shaped by neoliberal ideology, with its emphasis on marketisation and competition, has highlighted the importance of choice in the context of healthcare and health systems globally. Yet, evidence about how so-called consumers perceive and experience healthcare choice is in short supply and limited to specific healthcare systems, primarily in the Global North. This special issue aims to explore how choice is perceived and utilised in the context of different systems of healthcare throughout the world, where choice, at least in policy and organisational terms, has been embedded for some time. The articles are divided into those emphasising: embodiment and the meaning of choice; social processes associated with choice; the uncertainties, risks and trust involved in making choices; and issues of access and inequality associated with enacting choice. These sociological studies reveal complexities not always captured in policy discourse and suggest that the commodification of healthcare is particularly problematic