Vulnerability of relying party Web sites. When you sign on to your Facebook account,...

Vulnerability of relying party Web sites. When you sign on to your Facebook account, you are granted access to more than 1 million relying party (RP) Web sites. This single sign-on (SSO) scheme is enabled by OAuth 2.0, an open and standardized Web resource authorization protocol. Although the protocol claims to be secure, there is anecdotal evidence of critical vulnerabilities that allow an attacker to gain unauthorized access to the user’s profile and allow the attacker to impersonate the victim on the RP Web site. Computer and systems engineers at the University of British Columbia investigated the vulnerability of relying party Web sites and presented their results at the Proceedings of the 5th AMC Workshop on Computers & Communication Security (Oct. 2012). RP Web sites were categorized as server-flow or client- flow Web sites. Of the 40 server-flow sites studied, 20 were found to be vulnerable to impersonation attacks. Of the 54 client-flow sites examined, 41 were found to be vulnerable to impersonation attacks. Do these results indicate that a client-flow Web site is more likely to be vulnerable to an impersonation attack than a client-flow Web site? Test using α = .01.