May 3, 2014
Chris
Login, Security

Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected


Just a short notice rather than a real article, full story later (I need to check the facts): Several sources are posting about a recently discovered hard-to-fix bug in the extremely popular open-source authentication libraries/services OAuth and OpenID, used by lots of AAA-level sites, from PayPal to Facebook.


Articles:
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You
zdnet (German) – Schwere Sicherheitslücke in OAuth und OpenID entdeckt (“Serious security hole discovered in OAuth and OpenID”)


Detailed info page by Wang Jing, the researcher who discovered the bug:

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html


YouTube channel (of Wang Jing), showing reproducible examples (on Facebook, LinkedIn and Google):

https://www.youtube.com/user/tetraph


Info video:

https://www.youtube.com/watch?v=HUE8VbbwUms


Reproducible examples (taken from the above YouTube channel):

https://www.youtube.com/watch?v=iif6eq2cvso

https://www.youtube.com/watch?v=Y2-2Scp0pbs

https://www.youtube.com/watch?v=GyNGBuHNoJ0
