Political Wrinkles  

05-03-2014, 10:49 PM
mlurp
Major security hole found in popular login protocols – and it won’t be fixed anytime

this is a period of we messed up and won't fix it anytime soon...


Quote:
Major security hole found in popular login protocols – and it won’t be fixed anytime soon

BGR.com By Chris Smith May 2, 2014 10:42 AM




Following the major Heartbleed security issue that affected millions of websites, a different vulnerability has been discovered that could have allowed hackers to steal certain personal data from users. CNET reports that a security flaw in the OAuth and OpenID online login protocols could be used to steal data and redirect users to malicious websites.

Dubbed “Covert Redirect,” the exploit masquerades as a login pop-up based on an affected site’s domain, which would easily fool unsuspecting Internet users. “For example, someone clicking on a malicious phishing link will get a pop-up window in Facebook, asking them to authorize the app,” the publication writes. “Instead of using a fake domain name that’s similar to trick users, the Covert Redirect flaw uses the real site address for authentication.”

Authorizing the app will lead to user data being released to the attacker instead of reaching a legitimate site like Facebook or Google. Thus, personal data including email addresses, birth dates, contact lists and even control of the account could be given to hackers.

Well I don't use either so that's two down.

One way to deal with potential attacks based on these exploits is to close any suspicious-looking tabs that pop up demanding login credentials for Facebook, Google, or other Internet services that use these open-source protocols.

The Covert Redirect exploit has been discovered by Wang Jing, a Ph.D. student at the Nanyang Technological University in Singapore who already contacted Facebook about it. However, Facebook told him that while it “understood the risks associated with OAuth 2.0,” fixing the bug is “something that can’t be accomplished in the short-term.” “Short of forcing every single application on the platform to use a whitelist,” a simple fix isn’t available.

Continued at: Major security hole found in popular login protocols – and it won’t be fixed anytime soon
__________________


Improvise - Adapt - Over Come...
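
The whitelist mentioned in the quoted article corresponds, in OAuth 2.0 terms, to the authorization server accepting only redirect URIs that an application registered in advance. The following is an added example, not part of the original post or the BGR article; the client ID, URLs and function names are constructed for illustration. It contrasts a host-only check with an exact-match whitelist check.

```python
from urllib.parse import urlsplit

# Constructed registration data: client_id -> redirect URIs the app registered.
REGISTERED_REDIRECTS = {
    "example-client": {"https://app.example.com/oauth/callback"},
}

def loose_check(client_id, redirect_uri):
    """Weak policy: accept any URL whose host matches a registered host."""
    hosts = {urlsplit(u).hostname for u in REGISTERED_REDIRECTS.get(client_id, ())}
    return urlsplit(redirect_uri).hostname in hosts

def strict_check(client_id, redirect_uri):
    """Whitelist policy: HTTPS only, no userinfo or fragment, exact string match."""
    try:
        parts = urlsplit(redirect_uri)
    except ValueError:
        return False
    if parts.scheme != "https" or parts.fragment or parts.username or parts.password:
        return False
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, set())

# Constructed sample authorization requests (client_id, redirect_uri).
SAMPLES = [
    ("example-client", "https://app.example.com/oauth/callback"),
    ("example-client", "https://app.example.com/redirect?next=https://other.example.net/"),
    ("example-client", "http://app.example.com/oauth/callback"),
    ("example-client", "https://app.example.com@other.example.net/oauth/callback"),
    ("unknown-client", "https://app.example.com/oauth/callback"),
]

def audit(samples=SAMPLES):
    """Return (redirect_uri, loose_result, strict_result) for each request."""
    return [(uri, loose_check(cid, uri), strict_check(cid, uri)) for cid, uri in samples]

if __name__ == "__main__":
    for uri, loose, strict in audit():
        print(f"loose={loose!s:5} strict={strict!s:5} {uri}")
```

Only the first sample passes the exact-match check; the second and third pass the host-only check, which is the gap a per-application whitelist closes.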