May 3, 2014
Chris
Login, Security

Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected

Just a short notice rather than a real article, full story later (I need to check the facts): Several sources are reporting a recently discovered, hard-to-fix flaw in the way many sites implement the extremely popular open authentication/authorization protocols OAuth and OpenID, which are used by lots of AAA-level sites, from PayPal to Facebook. The discoverer calls it “Covert Redirect”. It is not a bug in a single library but a weakness in how an identity provider validates the redirect_uri of an authorization request (typically only the client's domain is checked, not the exact URI), combined with an open redirector on the client site: a crafted login link makes the provider send the authorization code or access token to a URL on the legitimate client domain that then forwards it to the attacker's site. It is hard to fix because every provider has to validate redirect URIs strictly against the registered value and every client site has to close its open redirectors.
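As an added example (not code from this post or from Wang Jing's write-up linked below), the following Python simulates the provider-side check at the heart of the Covert Redirect issue: a lenient validator that accepts any HTTPS redirect_uri on the registered client's host, beside a strict one that requires an exact match with a pre-registered URI. Both are run against a constructed attack URL that passes through a hypothetical open redirector (`/redirect?url=...`) on the client site. The client ID, host names, endpoint path and token value are all made up for the demonstration.

```python
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Constructed client registration: one client with one exact callback URI.
CLIENTS = {
    "demo-client": {"redirect_uris": {"https://client.example/oauth/callback"}},
}


def redirect_allowed_by_host(client_id, redirect_uri):
    """Lenient check: any HTTPS URI on a registered host is accepted.

    This is the provider-side weakness Covert Redirect relies on: the host
    matches, so a path that happens to be an open redirector is accepted too.
    """
    requested = urlsplit(redirect_uri)
    registered_hosts = {urlsplit(r).hostname for r in CLIENTS[client_id]["redirect_uris"]}
    return requested.scheme == "https" and requested.hostname in registered_hosts


def redirect_allowed_exact(client_id, redirect_uri):
    """Hardened check: redirect_uri must equal a pre-registered value exactly
    (the behaviour RFC 6749 section 3.1.2.2 asks providers to enforce)."""
    return redirect_uri in CLIENTS[client_id]["redirect_uris"]


def authorize(client_id, redirect_uri, validator, token="tok_123"):
    """Simulated implicit-grant authorization endpoint.

    After the user consents, the provider redirects the browser to
    redirect_uri with the access token in the URL fragment. Returns the
    Location the provider would send, or raises if validation fails.
    """
    if client_id not in CLIENTS or not validator(client_id, redirect_uri):
        raise ValueError("invalid redirect_uri")
    return redirect_uri + "#access_token=" + token


def open_redirector(location):
    """Simulated (hypothetical) open redirector on the client site:
    /redirect?url=<target>.

    Browsers keep the fragment of the current URL when they follow a redirect
    whose Location carries no fragment, so the access token rides along to
    whatever <target> the attacker chose.
    """
    parts = urlsplit(location)
    target = parse_qs(parts.query).get("url", [None])[0]
    if target is None:
        return location  # not the redirector endpoint, nothing to follow
    return urlunsplit(urlsplit(target)._replace(fragment=parts.fragment))


def demo():
    """Run the constructed attack URL through both validators."""
    # The attacker's login link points at the client's open redirector,
    # which in turn points at the attacker's own host.
    malicious = "https://client.example/redirect?url=https://attacker.example/"

    lenient_final = open_redirector(
        authorize("demo-client", malicious, redirect_allowed_by_host)
    )
    try:
        authorize("demo-client", malicious, redirect_allowed_exact)
        strict_blocked = False
    except ValueError:
        strict_blocked = True
    return {"lenient_final": lenient_final, "strict_blocked": strict_blocked}


if __name__ == "__main__":
    result = demo()
    print("lenient validator, browser ends up at:", result["lenient_final"])
    print("strict validator blocks the request:", result["strict_blocked"])
```

With the lenient validator the browser ends up on attacker.example with the token in the fragment; with exact matching the provider refuses the request before any token is issued. Exact matching is the durable provider-side fix, but it does not excuse the client: the registered callback itself must never redirect to an attacker-controlled URL, and with the authorization-code flow the same open redirector would leak the code in the query string instead of the fragment.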
Articles:
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You
zdnet (German) – Serious security vulnerability discovered in OAuth and OpenID


Detailed info page by Wang Jing, who discovered the bug and named it “Covert Redirect”:

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html


YouTube channel of Wang Jing, showing reproducible examples (on Facebook, LinkedIn and Google):

https://www.youtube.com/user/tetraph


Info video:

https://www.youtube.com/watch?v=HUE8VbbwUms


Reproducible examples (taken from the above YouTube channel):

https://www.youtube.com/watch?v=iif6eq2cvso

https://www.youtube.com/watch?v=Y2-2Scp0pbs

https://www.youtube.com/watch?v=GyNGBuHNoJ0

