May 3, 2014
Chris
Login, Security

Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected


Just a short notice rather than a full article; the full story follows later (I still need to check the facts): several sources report a recently discovered, hard-to-fix bug in the extremely popular open-source authentication libraries/services OAuth and OpenID, which are used by lots of AAA-level sites, from PayPal to Facebook.


Articles:
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You

zdnet (German) – Serious security vulnerability discovered in OAuth and OpenID (original title: Schwere Sicherheitslücke in OAuth und OpenID entdeckt)


Extensive info page by Wang Jing, the researcher who discovered the bug:

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html


YouTube channel (of Wang Jing), showing reproducible examples (on Facebook, LinkedIn and Google):

https://www.youtube.com/user/tetraph


Info video:

https://www.youtube.com/watch?v=HUE8VbbwUms


Reproducible examples (taken from the above YouTube channel):

https://www.youtube.com/watch?v=iif6eq2cvso

https://www.youtube.com/watch?v=Y2-2Scp0pbs

https://www.youtube.com/watch?v=GyNGBuHNoJ0
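The post itself does not explain the mechanism, so here is the part a provider-side engineer cares about. Wang Jing's disclosure linked above names the issue "covert redirect": an authorization server that compares only the domain of the requested redirect_uri with the registered one will send the authorization code or token to any URL on that domain, including a redirector endpoint the client site happens to expose. The following is an added example (my own code, not from the page, from Wang Jing, or from any of the providers named above) that puts the loose domain-only check next to the strict exact-match check an OAuth 2.0 / OpenID authorization endpoint should use. The client id, host, registered URIs and sample requests are constructed for the illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed client registration (hypothetical client id and host): each
# client registers the complete redirect URIs it will use.
REGISTERED_REDIRECT_URIS = {
    "client-123": {"https://app.example.test/oauth/callback"},
}


def domain_only_match(client_id, redirect_uri):
    """Loose check, shown for contrast: only the host is compared, so any
    URL on the client's domain passes, including a redirector endpoint
    that forwards the browser (and the token in the URL) elsewhere."""
    registered = REGISTERED_REDIRECT_URIS.get(client_id, set())
    hosts = {urlsplit(uri).hostname for uri in registered}
    return urlsplit(redirect_uri).hostname in hosts


def strict_match(client_id, redirect_uri):
    """Strict check: the URI must equal a registered one character for
    character (scheme, host, port, path, query), use https, and carry
    no fragment (RFC 6749 section 3.1.2)."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.fragment:
        return False
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, set())


def validate_authorization_request(query_string):
    """Decide where an authorization response may be sent.
    Returns (True, redirect_uri) on success or (False, reason) on failure.
    On failure the server must render an error page, not redirect
    (RFC 6749 section 4.1.2.1)."""
    params = parse_qs(query_string, keep_blank_values=True)
    client_id = params.get("client_id", [""])[0]
    redirect_uri = params.get("redirect_uri", [""])[0]
    registered = REGISTERED_REDIRECT_URIS.get(client_id)
    if registered is None:
        return False, "unknown client_id"
    if not redirect_uri:
        # An omitted redirect_uri is acceptable only when exactly one is registered.
        if len(registered) == 1:
            return True, next(iter(registered))
        return False, "redirect_uri required"
    if not strict_match(client_id, redirect_uri):
        return False, "redirect_uri mismatch"
    return True, redirect_uri


# Constructed sample authorization requests (query strings as received).
SAMPLE_REQUESTS = {
    "exact": ("response_type=code&client_id=client-123&state=xyz"
              "&redirect_uri=https%3A%2F%2Fapp.example.test%2Foauth%2Fcallback"),
    "same_host_other_path": ("response_type=token&client_id=client-123&state=xyz"
              "&redirect_uri=https%3A%2F%2Fapp.example.test%2Fgo%3Fto%3Dhttps%3A%2F%2Fother.example.test"),
    "with_fragment": ("response_type=code&client_id=client-123"
              "&redirect_uri=https%3A%2F%2Fapp.example.test%2Foauth%2Fcallback%23x"),
    "plain_http": ("response_type=code&client_id=client-123"
              "&redirect_uri=http%3A%2F%2Fapp.example.test%2Foauth%2Fcallback"),
}


def compare_checks():
    """Run every sample through both checks; returns {name: (loose, strict)}."""
    results = {}
    for name, query in SAMPLE_REQUESTS.items():
        params = parse_qs(query)
        client_id = params["client_id"][0]
        uri = params["redirect_uri"][0]
        results[name] = (domain_only_match(client_id, uri), strict_match(client_id, uri))
    return results


if __name__ == "__main__":
    for name, (loose, strict) in compare_checks().items():
        print(f"{name:22s} domain-only={loose!s:5s} strict={strict}")
```

Only the exact registration passes the strict check; the same-host-other-path, fragment and plain-http variants all pass the domain-only check and are the cases the strict comparison exists to reject. The same rule applies to a client application: register full callback URLs, and keep redirector endpoints off the host that receives tokens.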

