
Comment Admin consent workflow is flawed (Score 1) 11

It does not allow the option of the admin approving the permission but still requiring that the user must consent. Skipping the user consent step increases the risk of a "drive by" attack where an attacker tricks a signed-in user into visiting a web page that includes JavaScript which invokes the application (as a single page app so there is no need to know the Client Secret), automatically authenticates via SSO, and downloads the user's files without triggering any pop-up warning.
Although it has no Refresh Token, that rogue site would have access to the files as long as the Access Token lasts (by default one hour).

You should not visit any untrusted web sites, or sites that load untrusted adverts, while signed in to Entra ID SSO.
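
A defensive audit for the exposure this comment describes, as an added example that is not part of the comment: it lists delegated grants where admin consent (`consentType` of `AllPrincipals`) means no user is prompted, and ranks apps with SPA redirect URIs first. The records are constructed, the field names follow Microsoft Graph's `oauth2PermissionGrant`, `servicePrincipal` and `application` resources, and the scope list and severity labels are assumptions.

```python
# Added example (not from the comment). Sample records are constructed; field
# names follow Microsoft Graph's oauth2PermissionGrant, servicePrincipal and
# application resources.
FILE_SCOPES = {"Files.Read", "Files.Read.All", "Files.ReadWrite",
               "Files.ReadWrite.All", "Sites.Read.All", "Sites.ReadWrite.All"}

def risky_grants(grants, service_principals, applications):
    """Flag tenant-wide (admin-consented) delegated grants that expose files."""
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    app_by_appid = {a["appId"]: a for a in applications}
    findings = []
    for g in grants:
        # consentType "Principal" is a per-user grant: that user saw a prompt.
        if g.get("consentType") != "AllPrincipals":
            continue
        scopes = set((g.get("scope") or "").split()) & FILE_SCOPES
        if not scopes:
            continue
        sp = sp_by_id.get(g["clientId"], {})
        # Apps homed in another tenant have no local application object,
        # so their redirect URIs cannot be checked here.
        app = app_by_appid.get(sp.get("appId"), {})
        spa_uris = (app.get("spa") or {}).get("redirectUris", [])
        findings.append({
            "app": sp.get("displayName", g["clientId"]),
            "scopes": sorted(scopes),
            "spa_redirect_uris": spa_uris,
            # Assumed rating: SPA clients need no client secret, so rank higher.
            "severity": "high" if spa_uris else "medium",
        })
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["app"]))

# Constructed sample data (hypothetical ids, names and URL).
SAMPLE_GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "scope": " User.Read Files.Read.All"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-9", "scope": "Files.ReadWrite"},
    {"clientId": "sp-3", "consentType": "AllPrincipals", "scope": "openid profile"},
    {"clientId": "sp-4", "consentType": "AllPrincipals", "scope": "Files.Read"},
]
SAMPLE_SPS = [{"id": f"sp-{i}", "appId": f"app-{i}", "displayName": n}
              for i, n in enumerate(["Doc Viewer", "Notes", "Portal", "Backup Sync"], 1)]
SAMPLE_APPS = [{"appId": "app-1", "spa": {"redirectUris": ["https://viewer.example/"]}},
               {"appId": "app-4", "spa": {"redirectUris": []}}]

if __name__ == "__main__":
    for f in risky_grants(SAMPLE_GRANTS, SAMPLE_SPS, SAMPLE_APPS):
        print(f["severity"], f["app"], f["scopes"], f["spa_redirect_uris"])
```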

Comment It was all over by 1998 (Score 1) 134

I submitted my first Y2K fix to our products in 1989 and all of our software was fully tested by 1996. I still got lots of overtime as our Y2K team lead coming up to the deadline and even had authorization to use the corporate jet if there was any customer-impacting emergency that could be solved faster on location, but (as expected and planned for) nothing happened.

Comment She makes a good point, time to look elsewhere (Score 1) 162

There are some interesting alternative theories. For example, Neil Turok (Higgs Chair of Theoretical Physics at the University of Edinburgh) argues that the Standard Model of particle physics is complete and his theory actually predicts many of the parameters.
https://youtu.be/d-hPmjjjC-I

Comment This allows large companies to use Linux (Score 2) 96

My company has been working with MSFT to pilot test these features. It enables us to offer the same security controls as we do for Windows and macOS, so Linux laptops are now allowed on our network by security policy. I am currently using an Intune-enrolled & compliant laptop with Ubuntu 22.04 LTS for my daily work with Office 365, Teams etc. That was not possible last year. We block access from non-compliant laptops.
