May 3, 2014
Chris
Login, Security

Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected

Just a short notice rather than a real article, full story later (I need to check the facts): Several sources are reporting a recently discovered, hard-to-fix bug in the extremely popular open authentication protocols OAuth and OpenID, which are used by lots of AAA-level sites, from PayPal to Facebook.

Articles:
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You

zdnet (German) – Schwere Sicherheitslücke in OAuth und OpenID entdeckt (Serious security vulnerability discovered in OAuth and OpenID)


Huge info page by Wang Jing, the researcher who discovered the bug:

http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html


YouTube channel (of Wang Jing), showing reproducible examples (on Facebook, LinkedIn and Google):

https://www.youtube.com/user/tetraph


Info video:

https://www.youtube.com/watch?v=HUE8VbbwUms


Reproducible examples (taken from the above YouTube channel):

https://www.youtube.com/watch?v=iif6eq2cvso

https://www.youtube.com/watch?v=Y2-2Scp0pbs

https://www.youtube.com/watch?v=GyNGBuHNoJ0
