Logo
  • PHP
    • HipHop / HHVM
    • Modern PHP
    • PHPStorm
    • LAMP
    • Laravel
    • Composer
    • PDO
  • JavaScript
    • node.js
    • AngularJS
  • CSS
    • SASS
    • “CSS4” (CSS level 4)
  • HTML
  • Git
  • LAMP
  • Vagrant
  • UI / UX
  • Architecture of …
  • Off-Topic
With ♥ from Berlin
May 3, 2014
Chris
Login, Security
Comments Off on Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected

Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected

PreviousNext

Just a short notice rather than a real article, full story later (I need to check the facts): Several sources are posting about a recently discovered hard-to-fix bug in the extremely popular open-source authentication libraries/services OAuth and OpenID, used by lots of AAA-level sites, from PayPal to Facebook.

 

Articles:
cnet – Serious security flaw in OAuth, OpenID discovered
lifehacker – Security Flaw Found in OAuth and OpenID, Here’s What It Means for You
(german) zdnet – Schwere Sicherheitslücke in OAuth und OpenID entdeckt


Huge info-page by Wang Jing, the guy who has discovered the bug:
http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html


YouTube channel (of Wang Jing), showing reproduceable examples (on Facebook, LinkedIn and Google):
https://www.youtube.com/user/tetraph


Info video:

https://www.youtube.com/watch?v=HUE8VbbwUms


Reproduceable examples (taken from the above YouTube channel)

https://www.youtube.com/watch?v=iif6eq2cvso

https://www.youtube.com/watch?v=Y2-2Scp0pbs

https://www.youtube.com/watch?v=GyNGBuHNoJ0

 

Share this

[Link] Improving Smashing Magazine’s Performance: A Case Study

The title says it all: A very interesting guide through the optimization process on one of the largest blogs in

phpstorm 7.0 php

How to debug code on a remote server (or in vagrant box) with PHPStorm

Please also note: There are several methods to do remote debugging. This is the one that works without any browser

Compare 250+ cloud server plans with Cloud Cost Calculator

How cool is that ? The Cloud Cost Calculator compares more than 250 cloud server plans of Amazon, Rackspace, DigitalOcean,

How to hack time (KUNG FURY promo campaign)

:) Finally, KUNG FURY is out! No need for further words, unless you lived in a cave for the last

js javascript

[video] Netflix JavaScript Talks about ECMAScript 7: The Evolution of JavaScript

DigitalOcean coupon voucher 50

Only today: $50 coupon for DigitalOcean SSD VPS / hosting

Wow! The supernice SSD-cloud-server-provider DigitalOcean adds $50 (!) to new customers accounts ONLY TODAY (US-time-zones, so calculate if this is

DEF CON 18 – When your computer got stolen and you can still SSH into it: “Pwned by the 0wner” (22min conference talk)

A fantastic masterpiece of a conference talk: Mac got stolen. Bummer! Two years later: owner SSHs into it (!), installs

8 awesome pure CSS spinner / loader

Excllent spinner / loader in pure CSS, made with just one element (even if the demo shows this in a

JavaScript ECMAScript6 – A short video introduction (5min)

Excellent introduction into the new ECMAScript6, the spec behind JavaScript.

How to fix the ugly font rendering in Google Chrome

Update, August 2014: Google has rolled out Chrome 37, which finally fixes this issue nativly. Yeah! For historical reasons the

1/4

Categories

Search

phpstorm-github-code-color-syntax-theme
Get Github’s syntax highlighting colors in PHPStorm
Beautiful, minimal WordPress theme ZUKI by Elmastudio (with 30% discount)
vagrant
A preinstalled Vagrant box with PHP HipHop / HHVM and Ubuntu 12.04 (Precise Pangolin)
php
[Link] Excellent PHP best practices, 2014 style
css3-chrome-font
Google rolls out Chrome 37, finally fixes horrible font-rendering
Frontend Ops Conf 2014 – Sarah Goff-Dupont: Git, Continuous Integration and Making It Pretty (31min video)
logo-internet-explorer
How to professionally test on old Internet Explorer versions
js javascript
JavaScript Testing Tactics (21min video by Justin Searls)
php
A super-simple introduction into PHP namespaces (7min video)
Interesting stats on SONY’s hacked passwords
dev coding cards deck
Nice gifts for devs: Nerdy playing-cards decks
sass laravel
SASSmeister is a real-time JSfiddle for SASS / CSS. Awesome!
Install MINI in 30 seconds inside Ubuntu 14.04 LTS
Disappointed by Watch Dogs’s graphics ? See how it looks with unlocked, hidden settings. Awesome!
unreal-4-engine
Tim Sweeney talks about the future of game graphics (and which hardware we need to “clone” reality)

Tags

apache bash centos composer conference coupon CSS debian fonts framework git GitHub hack HHVM HipHop HTML HTML5 IDE JavaScript JS LAMP laravel linux mod_rewrite MVC MySQL Nginx optimization PHP PHP 5.5 PHP 5.6 phpmyadmin PHPStorm security server SSD Ubuntu UI UX vagrant video virtual machine voucher VPS wordpress
Side-Project: Wordle-Solver:
www.wordle-helper.info

Pages

  • Privacy Policy