Using third-party services for credential theft

Introduction

In this article, we discuss the security of third-party services that perform specialized functions, such as storing user credentials or logging in on behalf of the user. We’ll give an overview of how these services work, explain how to observe proper cyber hygiene to avoid being hacked, consider whether you should trust your credentials to such third-party services and, finally, discuss how hackers manage to breach these solutions.

Overview of third-party app functionality

Third-party applications allow you to manage activities that would otherwise be tedious to accomplish manually, for example signing into accounts or managing multiple sets of credentials. The sensitivity of such third-party applications has motivated attackers to invest time in finding vulnerabilities that could allow them to comfortably perform account takeovers.

Finance managers

Managing your finances can be very difficult today, given all the expenses that one incurs on a monthly basis. Because of this, some companies such as Intuit have come up with finance-management solutions that help people manage their expenditure.

For the most part, finance managers work by collecting all your expenditure and organizing it in an easy-to-understand format. The benefits are numerous, but in summary are as follows:

  1. They allow you to create budgets that let you project for the future
  2. They allow you to visualize your bills and remaining money
  3. They allow you to receive notifications when unusual expenditure is detected

Mint is one of the most popular budgeting apps because it is free and easy to set up. Together with other finance managers, Mint allows users to input account information for their banks, PayPal, credit cards and debit cards, and aggregates all this information in a manner that is easy to interpret. Bills, loans (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/8dkL95Bwg-M/