May 3, 2014
Chris
Login, Security
Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected

Just a short notice rather than a real article, full story later (I need to check the facts): several sources are reporting a recently discovered, hard-to-fix bug in the extremely popular open authentication and authorization standards OAuth and OpenID, which are used by lots of AAA-level sites, from PayPal to Facebook.

Articles:
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You
(German) zdnet – Serious security vulnerability discovered in OAuth and OpenID


Detailed info page by Wang Jing, who discovered the bug:

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html


YouTube channel of Wang Jing, showing reproducible examples (on Facebook, LinkedIn and Google):

https://www.youtube.com/user/tetraph


Info video:

https://www.youtube.com/watch?v=HUE8VbbwUms


Reproducible examples (taken from the above YouTube channel):

https://www.youtube.com/watch?v=iif6eq2cvso

https://www.youtube.com/watch?v=Y2-2Scp0pbs

https://www.youtube.com/watch?v=GyNGBuHNoJ0