Logo
  • PHP
    • HipHop / HHVM
    • Modern PHP
    • PHPStorm
    • LAMP
    • Laravel
    • Composer
    • PDO
  • JavaScript
    • node.js
    • AngularJS
  • CSS
    • SASS
    • “CSS4” (CSS level 4)
  • HTML
  • Git
  • LAMP
  • Vagrant
  • UI / UX
  • Architecture of …
  • Off-Topic
With ♥ from Berlin
May 3, 2014
Chris
Login, Security
Comments Off on Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected

Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected

PreviousNext

Just a short notice rather than a real article, full story later (I need to check the facts): Several sources are posting about a recently discovered hard-to-fix bug in the extremely popular open-source authentication libraries/services OAuth and OpenID, used by lots of AAA-level sites, from PayPal to Facebook.

 

Articles:
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You

(german) zdnet – Schwere Sicherheitslücke in OAuth und OpenID entdeckt


Huge info-page by Wang Jing, the guy who has discovered the bug:

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html


YouTube channel (of Wang Jing), showing reproduceable examples (on Facebook, LinkedIn and Google):

https://www.youtube.com/user/tetraph


Info video:

https://www.youtube.com/watch?v=HUE8VbbwUms


Reproduceable examples (taken from the above YouTube channel)

https://www.youtube.com/watch?v=iif6eq2cvso

https://www.youtube.com/watch?v=Y2-2Scp0pbs

https://www.youtube.com/watch?v=GyNGBuHNoJ0

 

Share this

Install Laravel 4 on Ubuntu 12.04 LTS (a how-to tutorial)

Laravel 4 is the big thing. Every blog talks about it, nearly every developer-twitter-account mentions it. Hmm, looks like everybody

phpstorm-8

PHPStorm 8 has just been released

The excellent PHP IDE PHPStorm just had a major release these days: Version 8 is out, coming with latest PHP

What’s new in PHPStorm 9

PHPStorm 9 has just been released a few days ago, and as a PHP developer you should definitly give it

git-php-deployment

Extremely simple deployment with PHPloy

Let me ask you a question: How mad do you get when you have to remember which files you edited

phpstorm 7.0 php

A perfect video tutorial to get started with xdebug in PHPStorm

Laracast just published an excellent short tutorial on how to get install xdebug in a local environment and how to

Dangerous Performance Myths in the Web (video talk by Thomas Lohner, PHPUG Latvia)

A very interesting talk from Latvia’s (not 100% sure) PHP usergroup meeting: Thomas Lohner (of SysEleven) explains why some of

PHPMyAdmin not found after installation ? Here’s a fix (Ubuntu 12.04) !

You just installed PHPMyAdmin but http://www.yourdomain.com/phpmyadmin just says “phpmyadmin not found” ? Try to create a link in /var/www like

mod-rewrite-ubuntu-14-04-lts

Which server OS version to choose ? Some EOL lists of Debian, Ubuntu and CentOS

Moving running projects (especially smaller ones that you’ve made for clients years ago) from an outdated and not-supported linux version

php

Awesome list of Design Patterns with PHP code examples

Probably one of the most useful GitHub repositories ever: Dominik Liebler has published a well-reseached and well-written (PSR coding guidelines

ilovepreloaders – A tumblr collection of preloader animations

An excellent collection of preloaders (GIFs, Movies and real ready-to-copy&paste code) here in this wonderful blog: http://ilovepreloaders.tumblr.com/ This thing just

1/4

Categories

Search

java
Interesting: code of the same application in PHP, Python, Ruby, Closure, node.js, Java and Go
How to hack time (KUNG FURY promo campaign)
Microsoft announces “holographic” 3D interfaces (promo video)
Install Laravel 4 on Ubuntu 12.04 LTS (a how-to tutorial)
twig
A 6min video introduction into Twig, the PHP templating engine
This picture shows the icon of blindness
How blind people use websites (video with Sina Bahram, blind accessibility researcher)
hearthbleed-ssl-bug
A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu
php
How the PHP session garbage collector really works
php
Slides from International PHP Conference 2014
Awesome next-gen PS4 graphics in “The Order: 1886”
How Instagram.com works
O’Reilly’s Programming JavaScript Applications by Eric Elliott for free (Early Access release)
hiphop php
PHP’s HipHop outperforms PHP 5.5 with Zend OPCache and Nginx by 15-20 times
DigitalOcean coupon voucher 50
Only today: $50 coupon for DigitalOcean SSD VPS / hosting
css3-chrome-font
[Link] Retinafy your Site / Device by Nijiko Yonskai

Tags

apache bash centos composer conference coupon CSS debian fonts framework git GitHub hack HHVM HipHop HTML HTML5 IDE JavaScript JS LAMP laravel linux mod_rewrite MVC MySQL Nginx optimization PHP PHP 5.5 PHP 5.6 phpmyadmin PHPStorm security server SSD Ubuntu UI UX vagrant video virtual machine voucher VPS wordpress
Side-Project: Wordle-Solver:
www.wordle-helper.info

Pages

  • Privacy Policy