Math student detects OAuth, OpenID security vulnerability

A major new vulnerability has been discovered in security protocols OAuth 2.0 and OpenID while the internet is still reeling from the Heartbleed bug. Ph.D student Wang Jing of Nanyang Technological University in Singapore spotted a bug that allows hackers to use phishing techniques in an attempt to steal login details without users knowing. The bug essentially allows cybercriminals to use real website authentication to power a phishing popup, instead of the more common tactic of faking the domain. In the process, hackers will receive the user's login credentials. The vulnerability affects many major websites, including Facebook, Google, Yahoo, LinkedIn, PayPal, and Microsoft.

Bug tracking

Facebook dismissed the threat when contacted by Wang, suggesting it would be impossible to plug the hole in the short term. Other firms like Google and Microsoft are either tracking the bug or have already concluded investigations. A workaround would involve using a whitelist for all applications on a website, but this would negat

Popular login services have a security hole, but Facebook and Microsoft can't fix it

The recent Heartbleed scare caused a huge stir, even though it was effectively fixed before it even happened. There are other sorts of security hole, however, which can't be plugged so readily, ...

Fri 2 May 14 from Engadget

Serious security flaw in OAuth and OpenID discovered

Malicious attackers can use the 'Covert Redirect' vulnerability in the OAuth 2.0 and OpenID open-source login systems to steal your personal info as well as redirect you to unsafe sites.

Fri 2 May 14 from CNET

Another Heartbleed? More flaws found in web security

A major new vulnerability has been discovered in security protocols OAuth 2.0 and OpenID while the internet is still reeling from the Heartbleed bug. Ph.D student Wang Jing of Nanyang Technological ...

Fri 2 May 14 from Techradar
